Deployment and Decision-Making Resources
Buildings are conceived and built in a linear process beginning with the definition by the building’s owner of the needs the building is meant to fulfill. The process is generally known as the development of a project’s functional program. For some new buildings, such as those owned by federal agencies and multinational corporations, this process might include a threat assessment and risk analysis (TARA). For buildings subject to the Interagency Security Committee Security Design Criteria, TARA is conducted by a multidisciplinary team as early in the process as feasible. Several agencies have issued guidance documents on conducting such assessments for building design and protection (NIOSH, 2002; ASHRAE, 2003; FEMA, 2003). Ideally, TARA is done before site acquisition because the choice of site location, access, and dimensions can affect physical security profoundly. For existing buildings, a vulnerability study is needed whereby the building is evaluated for its vulnerabilities to the threat and risk defined by the multidisciplinary team.
A functional program is developed by the building owner and key stakeholders who will occupy the building. From the functional program, an architectural space program is developed. The architectural space program establishes net and gross areas for the project including requirements related to the protection of building occupants from biological and chemical airborne threats as identified in the TARA. From the areas and owner-stated quality and performance objectives for systems, finishes, and other elements, a cost estimate can be developed using public and private cost databases for similar facilities. If the cost estimate exceeds available resources, the programs and quality objectives would be revised until the budget objectives are achievable.
Bidding documents including detailed drawings and specifications are then
developed, and increasingly detailed cost estimates can be prepared. When the drawings and specifications are ready and the final cost estimate has been approved, bidding or another procurement method can begin. Typically, public work is subject to competitive bidding, but increasingly some agencies have used design-build as a procurement method. The design-build method usually involves preparation of preliminary drawings and specifications (the design development documents). These documents are used to solicit competitive bids for the completion of the design and construction as a package with a fixed lump sum or a guaranteed maximum price.
RISK ASSESSMENT AND RISK MANAGEMENT
Many fundamental concepts of human health risk assessment from chemical and biological hazards have been described in Risk Assessment in the Federal Government: Managing the Process (NRC, 1983). The basic paradigm developed in that report is shown in Figure 6-1, and it captures the two key components—risk assessment and risk management—that apply equally well to building protection situations.
Generally, human health risk assessments for biological and chemical threat agents include a risk assessment component that addresses the identification and characterization of agents involved (hazard or threat assessment), exposure potential for scenarios of interest (exposure or vulnerability assessment), and important uncertainties to fully characterize the resulting risk estimates (risk characterization or consequence assessment). The output of the risk assessment is used in the risk management process to identify and prioritize risk reduction strategies. Thus, risk management is the process of weighing alternatives and selecting the most appropriate actions that often integrates the results of risk assessment on human health risk with social, economic, and political concerns to reach a decision (NRC, 1983).
Implementation of a systematic approach for decision making for building protection requires input of various experts, including experts in medicine, health sciences, security and infrastructure protection, and building use and design. In addition to building protection, risk assessment and risk management have been applied to many other areas. Each area of application has fairly well-developed approaches that are optimized to its unique needs. Consequently, the areas of application might use somewhat different terminology and methodology. The following summary of risk assessment and risk management presents the highlights of what is judged to be common across different disciplines with potential applications to building protection.
Risk assessment provides an objective, often science-based, approach to compare risks. Risk assessments are inputs used by decision makers to deter-
mine risk management strategies. Risk management identifies the optimal course of action, taking into account conflicting objectives and uncertain supporting information.
Using the terminology of risk analyses for infrastructure protection, risk assessment is a process by which threats, vulnerabilities, and consequences are identified and used to inform decision making, including allocation of resources. All risk assessment and risk management approaches include common activities: (1) identification, characterization, and assessment of threat types; (2) assessment of the vulnerability of critical assets to threat types; (3) determination of the risk or specific consequence of attack or unintentional release; and (4) management of risks. Although the discussion below describes these activities separately, they are typically tightly coupled and interdependent. For example, ranking of threat types of concern depends on the determination of vulnerabilities, which in turn depends on the prioritization of mission goals, and so on. The information exchange among various components of risk assessment–risk management effort is also noted in the framework presented in the 1983 National Research Council (NRC) report.
Identification, Characterization, and Assessment of Threat Types. The characterization of threat type is required for a risk assessment. Important characteristics to consider include the physical, chemical, and health hazard characteristics of the threat agent; the intentional or unintentional nature of the threat type; the motivation for use of the agent; the triggers that might initiate an event; the method of delivery; and the trends seen from previous events (CRS, 2004). One of the greatest challenges in risk assessment for building protection is that the threat type is almost infinite in variety and complexity, but the risk assessment process still requires a characterization of the variety of threat types. Determination of the threat type is particularly challenging in the adversary-protector dynamic of building protection (NRC, 2007). The aim of the adversary is to seek and use only threat types of high consequence, whereas the aim of the protector is to remove vulnerabilities of high consequence. The adversary-protector dynamic is fundamentally different from that in other areas of risk assessment application such as environmental hazards or industrial safety where the variety of threat types is substantially less and more statistically determined. Because it is unrealistic to consider all imaginable threat types in a risk assessment, some metric is required to determine when the consideration of the threat types is comprehensive enough to cover most high-consequence threat types. An appropriate metric is evaluating the sensitivity of the conclusions of the risk assessment to the consideration of additional threat types (that is, ones that have not previously been considered in the analysis). If the conclusions are insensitive to the consideration of additional threat types or scenarios, then the threat-type characterization can be considered comprehensive. The additional challenge is that threat-type characterizations are
sensitive to rapid changes in technologies and adversaries, so the characterization of threat types needs to be reassessed periodically.
Assessment of the Vulnerability of Critical Assets to Threat Types. Vulnerabilities specify the system components or operations that have a high sensitivity of the performance metric to a given threat type; for example, a given building is highly vulnerable to an indoor release of a given threat agent at a given location. Generally, vulnerabilities are dependent on all aspects of the protection systems—the physical, operational, technical, and organizational. Because all protection systems have vulnerabilities at some level, the greatest concern arises for vulnerabilities that result in severe consequences from a moderate threat type (a threshold or nonlinear response in the system). Also, a vulnerability that can be impacted by a wide variety of threat types, even though the consequence of the vulnerability might be less severe, should rank high as a vulnerability of concern. The importance of the number of threat types that affects vulnerability reinforces the introductory comment that the activities of risk assessment are tightly coupled and interdependent. Furthermore, the challenges cited above on the dynamic nature of threat-type characterization equally apply to the vulnerability assessment from the protector’s perspective. Because of the wide variety of vulnerabilities and their dependence on mission and threat types, generalizations of vulnerabilities might be useful, as proposed in Figure 2-1, in focusing the development of new protection efforts across DOD facilities.
Determine the Risk or Specific Consequence of Attack or Unintentional Release. Risk can be seen as a discounted measure of consequence or an estimate of expected loss. It is based on what might or might not happen given the vulnerabilities, likelihood of an event, and importance of assets. The determination of risk can be viewed as the process that integrates the activities described above; it is the process that has the widest variety of methodologies across different disciplines that range from qualitative comparisons of perceived risk to quantitative methods with detailed causality networks and uncertainty quantification. In order to be sustainable in our complex and changing world, the method should be defensible (results clearly traceable to inputs and process) and adaptable (results can be updated quickly if new information is discovered). The risk assessment is a tool for providing the information needed to inform decisions across potentially conflicting missions and corresponding requirements. For example, significant consequences of an airborne release of biological and chemical threat agents include injury or death of occupants, disruption of key operations, and damage to or contamination of contents. The resulting impact from any of these consequences varies in severity depending on what is deemed critical, which needs to be outlined in the risk assessment.
Management of Risks. An overall risk reduction strategy can be achieved by
characterizing the risk and benefit of each strategy as identified in the risk assessment. In building protection, risk reduction management would determine what level of protection and appropriate components are necessary for a specified protection objective. Depending on the building mission, different metrics of performance (for example, fraction of occupants exposed, fraction of building exposed) are weighted by their importance. The performance metrics establish the basis by which comparisons can be made across a variety of conflicting requirements. In most application areas, the common metric is often reduced to cost, including health consequences and loss of life. Because resources are always limited, the feasibility and cost of a given management strategy have to be assessed. Risks can be reduced by addressing any or all of the three components: the threat, vulnerabilities, or consequences. Once reasonable risk reduction strategies have been identified, the benefit of each strategy can then be characterized. As an example, while level of protection 3 (LP-3) strategy might be desirable for a particular facility, if limitations exist for installing or acquiring a particular component or if highly trained personnel are not available to maintain the system, it might be better to deploy LP-2 until resources to reach LP-3 can be acquired. In most risk management plans, costs play a significant role and are addressed in some form of a cost-benefit analysis. For building owners with a fixed budget, it is optimal to maximize the benefits for a given cost. There are two extremes for optimization: protect critical assets at the expense of others or protect all assets with marginal protection. Most owners, however, use strategies that are somewhere in between the two extremes. In all cases, cost-benefit analyses are important risk management tools used in setting priorities. (Cost consideration and cost-benefit analysis are discussed in further detail in the next two sections of this chapter.)
Guidance Documents for Building Protection
A number of private and governmental organizations, including the National Institute for Occupational Safety and Health (NIOSH), American Society of Heating, Refrigerating and Air-Conditioning Engineers, Inc. (ASHRAE), Federal Emergency Management Agency (FEMA), and Lawrence Berkeley National Laboratory (LBNL), recognize the need for guidance on protection of building occupants from terrorist attacks. They have issued documents intended to assist in the selection of security upgrades for managing risks from terrorist attacks (NIOSH, 2002; ASHRAE, 2003; FEMA, 2003; DOE, 2004). These documents provide specific guidance, such as upgrading filtration and relocating or securing outside air intakes. They also articulate the need for a rational multihazard assessment of risk and the application of a risk management process to evaluate possible courses of action. Such methods are necessary because the budget for protecting a building from natural and terrorist threats is finite, and thus the use of risk-based tools is necessary for priority setting.
The NIOSH guidance emphasizes the importance of understanding the build-
ing and establishing a list of its vulnerabilities (NIOSH, 2002). The Building Vulnerability Assessment and Mitigation Program (BVAMP) developed by LBNL (DOE, 2004) is an assessment tool that uses responses to a set of questions posed to building users to assemble an evaluation of the building and make recommendations for improving building safety.
The ASHRAE report outlines a four-step risk management process: (1) risk analysis, (2) risk treatment planning, (3) risk treatment plan implementation, and (4) reevaluating the plan after implementation and modifying it as needed. Risk analysis is itself a multistep process that involves (1) determining the organization’s level of exposure, (2) identifying the risk, (3) estimating the probability of risk occurrence, (4) determining the value of the loss, and (5) ranking the risks and identifying the building’s vulnerabilities. Each of the steps in risk analysis can be performed by a variety of methods, ranging from mainly heuristic to highly quantitative. The example assessment included in the ASHRAE report relies on subjective rather than analytical methods (ASHRAE, 2003). An updated edition of that AHSRAE report is being prepared (ASHRAE, forthcoming).
FEMA 426 provides a comprehensive discussion of terrorist threats to buildings and measures for mitigating them. It summarizes information found in many sources, including the NIOSH and ASHRAE documents mentioned above. The manual begins with a lengthy discussion of risk assessment (Figure 6-2), which provides the context for subsequent discussion of protective technology (FEMA, 2003).
In addition to this array of guidance, the Department of Homeland Security (DHS) is actively funding research centers (academic and national laboratories) to develop threat and vulnerability assessment approaches, including efforts geared to infrastructure protection. For example, DHS-funded research on assessment approach is conducted by the University of Southern California’s Center for Risk and Economic Analysis of Terrorism Events, the University of Wisconsin-Madison, and other research groups. In 2005, DHS also conducted an extensive biological risk assessment covering many threat agents and many scenarios as directed by Homeland Security Presidential Directive 10 on Biodefense for the 21st Century (White House, 2004). These DHS-funded projects were presented at the Society for Risk Analysis Meeting in December 2006 (SRA, 2006) and were being reviewed by an NRC study (NRC, 2007) at the time this report was completed. The growing overall body of work highlights the need for a systematic risk assessment and risk management approach to assess building protection requirements. The specific methods and approaches for conducting such assessments are evolving. Current methods are highly variable and depend on the nature of the requirements being addressed. The DHS-funded projects and the evolving methods and approaches for conducting risk assessments are useful guidance and resources for the development and implementation of decision support tools in the context of a building protection program (NRC, 2007).
Because of the obvious variations in goals and objectives and in risk assess-
ment and risk management approaches, specific methodologies or tools for risk assessment and risk management are not recommended here (some existing tools are described in Chapter 5 of this report).
There are a number of components associated with the cost of building or retrofitting a facility for biological or chemical protection. Reliable costs cannot be readily calculated because construction and operating data are usually based on a history of similar buildings. As is the case with all construction, the actual costs associated with a project are known only after the facility is built. Furthermore, operation and maintenance costs are known only after a period of actual operation. The entire life-cycle cost1 of a facility is estimated on the basis of the length of time the building is to be in operation. The shorter the building is expected to be in operation, the higher might the cost per year to operate become. Oftentimes, long-term use of a building might require extensive modernization; these costs are calculated on the basis of the history of similar buildings.
Costs of Construction
Costs of construction generally include construction materials, labor, and equipment. Construction costs are a subset of the actual total building cost, which includes permanent fixtures and equipment specified by the user. Material cost depends on the market cost of the construction materials and the quality of materials desired. The costs of equipment and labor depend on the market costs and a building productivity rate. A building to be built on a shorter schedule generally has higher costs for labor and equipment. Higher costs are attributable to increased work hours for a specific number of laborers or an increased number of laborers and to the increase in cost for use of equipment or use of more productive equipment. The major drivers in the costs of construction are presumed to be quality of and time for construction.
The costs of constructing or retrofitting a building for protection might or might not include the cost of specialty biological or chemical sensor equipment depending on the level of protection sought. If specialty equipment is not included, the construction costs of a building with some passive protection are related mostly to the quality of and time for construction. Without specialty equipment and with time of construction being equivalent, a passively protected facility is more expensive than a standard facility because the former requires a higher quality of construction to meet the expected performance of the building.
If specialty equipment is included, the cost of biological and chemical sensors and the cost of high-quality construction are included in the construction costs of a protected building. However, these are only the initial costs that determine the capital investment required for protection. Life-cycle costs, which could be more substantial than initial costs, have to be considered.
In addition to the initial costs of planning, design, and construction, periodic and preventive maintenance, repair, replacement of parts, and modernization incur additional costs during the life of a building. Comparing total costs or life-cycle costs is the most effective way to assess various alternatives to facility procurement. Future costs to repair or replace parts can only be estimated, but they are part of the budget consideration in a well-planned project. Fitting a building with a protection system would be fiscally unwise if the operation of the total system cannot be maintained. A well-functioning protection system involves a well-maintained building with minimal leakage and predictable airflow, well-maintained and calibrated sensors and response platforms if they are used, and periodic equipment replacement.
Estimating first costs of proposed buildings is best done from actual design documents—the more detailed these are, the better the estimate is. The more specialized and complex the building, the more important it is to have a detailed design as a basis for cost estimation. Pre-design cost budgeting is done from experience and using various public and commercial databases that provide costs per unit area or a similar metric. For unique building types or buildings designed for unusual requirements such as mitigating the effects of biological or chemical airborne threats, such databases do not exist or are not based on a large number of similar buildings. Therefore, useful total cost projections for mitigation of such attacks can probably be only done by pricing a range of hypothetical models in which enough design of systems and construction have been done to provide realistic conditions. Such analysis is beyond the scope of this study, but some important considerations should be noted.
The first costs of design and construction vary even for the same building design. One variable is the familiarity of designers and constructors with the building type, its performance requirements, and technologies. For example, a design team and builder with experience in residential construction might not be able to design and construct a laboratory as economically or as satisfactorily as those with extensive experience in the field.
The uniqueness of the design affects first costs. The repeated construction of a school or other building using “standardized” designs is likely to yield a lower first cost than construction of a one-of-a-kind building of the same function, especially if economies of large-quantity purchasing of materials can be
realized. Even buildings designed to be repetitive, such as some schools, housing, or utilitarian structures, have to be adapted to specific sites with varying topography and geology and to varying climatic conditions. These variations can affect first costs dramatically.
The complexity of the design affects first costs. The greater the sophistication required of designers and constructors in technologies of design and building, the higher the first cost is likely to be. Design and construction of airtight buildings and sophisticated air distribution and filtration systems could add cost just because of the unfamiliarity with these requirements in current design and construction practice.
A more subtle first-cost consideration might be in the process of procurement. The current local demand for construction labor and materials could drive the costs of both up or down. The rate of inflation applied to the design, procurement, and construction period and the cost to construction contractors of financing also affect the first cost of a building. Even the means of procurement such as design-bid-build versus design-build could produce different cost results for the same building design. Professional cost estimators with current knowledge of these conditions apply their judgment of the impact on each project estimated. Because these factors are time and location driven, generalized estimates are unreliable.
Long-term life-cycle costs consist of those expenses for materials and labor necessary and desirable over the life of a building. Although some commercial and residential buildings are intended to last only for a few decades, other buildings of a public or institutional nature could last more than a century.
The durability of a building and its components is affected by the quality of the original design, materials, and workmanship and the conditions under which the building exists. Climate—temperature, humidity, wind, and other elements—varies widely from one location to another, and so will the building’s response. Repair and replacement costs correlate with the impact of age on the material and the severity of use and abuse by the building’s occupants.
Buildings require energy and personnel to operate. The design of a building directly affects the energy needs and costs. The quantity, skills, and time needed for operating personnel are also determined by the building design. Labor costs, including wages and benefits, are major components of life-cycle costs.
All building systems and most materials require maintenance—from lubrication to refinishing and cleaning, to name a few typical categories. If a building owner has budgeted properly for replacement and repair, these costs can be managed over time. However, if maintenance, repair, and replacement have not been performed regularly and systematically, long-term costs can increase significantly. Many of the technologies needed to mitigate the effects of biological and chemical airborne threats in or near buildings depend on regular maintenance and verification of continued performance. These costs need to be taken into consideration in the planning and design of buildings. Inadequate long-term
operation and maintenance budgets can defeat the performance of the building and its protection system.
An important consideration in designing building protection is the quantization of certain systems. Different levels of protection require different levels of technology to be installed. For example, a sophisticated biological detection capability must be installed for an LP-4 building (see LP-4 in Chapter 3) to provide timely and sensitive agent detection. The building has to be outfitted with the requisite technology to achieve LP-4. Setting up such capability is expensive and requires a major commitment in operations and operating budget. Irrespective of whether such capability is required for an entire building or for only a room within the building, the system and commitment level will be the same. Similar arguments can be made for many of the technologies discussed in this report (for example, filtration systems, detectors, triggers). In summary, monetary savings as a result of reducing the size of space to be protected has a threshold; when units are quantized, there is a minimum expenditure necessary to acquire the capability whether for a single room or for an entire building.
A systematic approach to threat and consequence assessment for building protection supports decision making by prioritizing and optimizing risk management strategies that meet performance specifications for the building(s). However, the ability to meet performance specifications depends largely on the available resources. Cost-benefit analysis is a tool for optimizing performance and expenditure.2 A cost-benefit analysis weighs the total expected costs against the total expected benefits of one or more actions in order to choose the best or most profitable option. In the case of a building protection system, total expected costs in the analysis include life-cycle costs of the system such as installation and maintenance of high-efficiency filters and expected benefits such as reduction of vulnerability to an attack, decrease in number of occupants exposed, and limited disruption to operation in the event of an attack. Cost-benefit analysis has played an important role in guiding decisions on human health protection (EPA, 2001), and methods for analysis have also been developed and used for homeland security applications (SRA, 2006).
The committee cannot present a general cost-benefit analysis for building
protection because the costs and benefits of a protection system vary from building to building, but the application of cost-benefit concepts to building protection is discussed in this chapter. Strategies for optimizing the cost -benefit ratio for building protection can take many forms depending on the objectives. If the budget for protection is fixed, design tools (for example, the Immune Building Program’s Building Protection Toolkit [BPTK]) could be used to identify the combination of design options to obtain maximum benefit, such as decrease in mortality, morbidity, or health-related costs. In contrast, if a specific health protection (or other performance metric) must be achieved, then the analysis focuses on identifying the combination design options that achieve the specified requirement for the least cost. In most cases, however, the amount of money that authorities are willing to spend on building protection depends on the specific protection to be achieved. In other words, a decision is made whether an incremental increase in funds to achieve a specific decrease in health risk is worthwhile. In that complex situation, the cost-benefit analysis focuses on optimizing the ratio of cost and benefit. Traditional cost-benefit approaches that use comparable metrics (usually monetary values) for both the design cost and the health benefits are useful.
Cost-benefit analyses (CBA) for each building protection system might have to be updated several times during the life cycle of a system. The first round of cost-benefit analysis is used to get concept approval to proceed with a more detailed one. A detailed cost-benefit analysis would then be conducted early in the design phase of the protection system. After the detailed analysis has been completed, the development and implementation plans might call for a prototype system or a pilot phase to test the costs and benefits on a small scale before the full system is implemented for all users. If a pilot phase is needed, a third version of the cost-benefit analysis would reflect revised costs and benefits and would be used to decide whether to proceed with full implementation of the system. The post-implementation review of a system might require an updated cost-benefit analysis to determine whether the expected benefits are being achieved and to decide whether the operation of the system should continue as implemented or be modified to achieve benefits that justify continued operation.
ROLE OF TEST BEDS AND DECISION SUPPORT TOOLS IN THE DEPLOYMENT PROCESS
An important objective of the Defense Advanced Research Projects Agency’s (DARPA’s) Immune Building Program is to provide a workable test bed to further enhance decision making regarding building protection options (DOD, 2006). These options reflect multiple levels of control and protection at a defined level of risk. Furthermore, many combinations of protection may be employed to achieve a desired mission requirement or specification (for example, see Chapter 3 for different levels of protection). Decision support tools can be applied at the planning or design stage to identify the optimum combination of protection features
to achieve the specified mission goal and aid in decision making regarding tactics, responses, and remediation changes during and after an event. As noted above, the tools and approaches for threat, vulnerability, and consequence assessment are diverse. The subset of tools to provide comparative risk assessment and cost-benefit analyses are available and have been used in infrastructure protection applications to set priorities and to identify optimum resource allocation for buildings. Such tools are applied routinely in decision making related to implementing options for protecting human health. The DARPA Immune Building Program and related building protection efforts provide the opportunity to collect additional data to enhance threat, vulnerability, and consequence assessment tools. Also, test beds play an important role in data collection to support predictive modeling of threats, vulnerabilities, and consequences. Ideally, test bed facilities allow for testing of new technology options, such as sensors and filters, using a “plug-and-play” (that is, addition of a new device without reconfiguration) approach. In addition, such facilities provide the means to test the effect of alternative protection options on overall consequence, such as comparative risk. For example, the impact of physical security versus active ventilation systems versus operational tactical procedures on building protection can be compared. Test beds also allow information to be collected to fill existing data gaps, thereby improve the decision-making tools. Examples noted in presentations to the committee included data gaps regarding operations and management costs for building protection options and data on changes in building performance with aging. For these reasons, adequate test beds are needed to provide data for designing and refining threat, vulnerability, and assessment tools that facilitate decision making at the planning stage (building and design planning) and at the response and remediation stage.
A key criterion for assessing the value of maintaining a specific test bed facility is the extent to which the results generated by the test bed can be generalized or are applicable to other buildings of interest. Thus, the effectiveness and performance of various protective strategies (for example, impact of a new sensor on response time or fraction of building exposed) should apply to the buildings of interest.
Because none of the current test bed facilities fully represents all building designs or typical field conditions in most buildings, a series of virtual test beds representing each major class of buildings (see “Missions and Activities in Buildings” in Chapter 2) would fill data gaps and generalize lessons learned. Some technology-specific metrics are likely to be developed and refined, particularly for equipment evaluation (for example, sensor specificity and sensitivity, filtration efficiencies). Having a system for testing such technologies would also be an important feature of a building protection program. Nevertheless the ability to extrapolate the effectiveness and performance of a building protection system and all its components is needed. A critical evaluation of each test bed that exists is beyond the scope of this study. The committee is not aware of any sensitivity and uncertainty analysis that has been conducted to specifically assess the extent to
which any single finding from a test bed can be used to make inferences about the broad array of buildings of interest. Because protection performance varies even among buildings that appear similar, quantitative data on system performance in similar facilities are needed to better predict the level of protection achieved by a potential design. For example, are two buildings similar if they have the same square footage, but one has multiple floors and one does not?
Because of the complexity of building protection and the difficulty of extrapolating data collected from test beds to other buildings, the need for predictive decision tools will likely be addressed by simulation modeling. For example, data collected across a variety of demonstration projects and deployments could be used to enhance modeling programs such as BPTK (Bryden, 2006). Enhancing these modeling tools is highly desirable because no single test bed can provide the data needed for accurate prediction of consequences from a biological or chemical weapon attack for the diverse array of facilities of interest. Although BPTK or other models could be useful, they might need further validation because only a few operational test beds have been modeled and subsequently tested. Maintaining test bed facilities would provide the opportunity for further testing and refining of interpolative and predictive models. A tool that incorporates a systemic approach—melding and hardening of concept of operations—is clearly needed to capture the full range of potential options for meeting a specified design goal. Although there is not a set of universal metrics and criteria for evaluation that applies to all building protection, a tool for decision making will document what metrics and criteria are most appropriate based on the goals and objectives of protection.
Software tools are also available to reduce the burden of deploying results of risk assessment and risk management across complex facilities. Those tools, such as CounterMeasures™ (Alion Science and Technology, 2007), are being deployed across the DOD complex to provide commanders with a resource to allocate limited funds to protect facilities from terrorist attacks (such as improvised explosive devices), but not specifically from biological or chemical attacks. The tools capture the four activities of risk assessment and risk management in a calculational database. They require surveys of vulnerabilities and protective actions in place as input and provide a cost-benefit analysis—on a dollar basis—of the building protection deployment options as an output. The tools can be used for a facility or across many facilities. Such tools could be extended for upgrading building protection from biological or chemical airborne threats and might be useful for planning complex-wide deployments of a building protection program.
Tools that can address the complexity of costs and benefits of building protection are available to assist stakeholders with different protection requirements and implementation budgets in designing and planning their systems. The risk
and cost-benefit assessment tools used in conjunction with simulation tools lead to a decision-making process for the design and planning of building protection that is transparent (conclusions are defensible), comprehensive (addresses the complexity of the landscape), adaptable (can be modified quickly to address new information, such as detection technologies), and adjustable on the basis of needs (addresses the requirements of diverse stakeholders). Such a process would help to explain the choice of protection and justify its costs to diverse stakeholders.