Conclusions and Recommendations
Just as it is impossible to protect every citizen in every city from terrorist attack, protecting buildings operated by the Department of Defense (DOD) or within the civilian community will be imperfect, difficult, and costly. It is, however, feasible to systematically consider the options and implement those that are most cost-effective to achieve the defined goals and objectives of the facility. As the committee was conducting this study, many technical and behavioral issues were considered, but several stand out: all buildings are unique; buildings change and require maintenance and repair as they age; and detection and identification technologies have improved greatly in the last 20 years, but there are technical barriers that might not be overcome. The defense community needs to be cautious about seeking specific technical solutions too quickly without adequately considering simpler and often less expensive operational solutions. The complex and dynamic challenge of protecting humans and maintaining operational missions in buildings that might be at risk of an unknown attack with biological or chemical weapons can be addressed only if all the relevant factors are considered.
Recommendation 1: Clear and realistic building protection goals and objectives should be defined prior to deploying protection systems.
The Defense Threat Reduction Agency (DTRA) and other entities implementing building protection systems should clearly define the goals and objectives of building protection before and during the design phase or change of mission within the facility. In defining the goals and objectives, DTRA needs to identify and prioritize the critical resources that must be protected.
Recommendation 2: Building protection systems should be designed and implemented on a case-by-case basis for each structure to be protected.
The design and implementation of an appropriate and effective building protection system depends on many factors. These include the architecture, quality of construction, and condition of the building to be protected; the components to be used in the system (such as sensors and video monitoring); and the financial resources allocated for its design, implementation, and maintenance. To further complicate the matter, every building is unique because of the variations in its architecture and design, the materials used in and personnel who performed its construction, and wear and tear. All of these factors should be systematically considered before funds are committed to implementing building protection systems.
Recommendation 3: Life-cycle costs should be planned for prior to deploying building protection systems.
The complete life-cycle cost of a building protection system—including cost of planning, purchase, installation, maintenance, operation, and upgrade of all its components—should be considered prior to developing and implementing a building protection program. An effective building protection system requires proper integration of security technologies with building architecture and proper use of the system by building occupants. Integrating a protection system at the time of construction is typically less expensive and more efficient than retrofitting. Moreover, a building protection system will not be effective if it is not properly maintained, a significant consideration in life-cycle costs. A poorly maintained system quickly compromises the level of security expected of that system, leads to a false sense of protection, and could result in disruptive and expensive false alarms. For example, a high-level active protection system (level of protection 4 [LP-4], as described in Chapter 3) would only have performance equivalent to a passive protection system (LP-1 or LP-2) if the sensors are not maintained. Like passive filters, components of sensor systems have defined lifetimes and must be replaced periodically. They also need to be calibrated and tested for performance periodically. Therefore, a functional building protection system is not a one-time investment, but requires monetary resources for maintenance, repair, replacement, and upgrade of the system and its components. Finally, it is the exception within the federal government to budget for operation and maintenance costs, such as those that will be involved in building protection. Because these costs are likely to be higher than anticipated, advanced planning and budgeting are necessary to avoid loss of protection capability because it is seen by ultimately responsible local commanders as less important than the core mission.
The components to be used in a protection system are determined partly by the budget. Active protection systems tend to be more expensive than passive
ones. State-of-the art sensor systems alone do not provide full protection; they need to be complemented by operational response plans. Although advances are being made in sensor technologies, more progress is necessary to determine how best to integrate them into systems and the implications for concepts of operation. Research would include systems studies to determine sensor locations and associated sensor requirements and appropriate concept of operations, along with validation of sensor performance in operational conditions (test beds or deployments). In addition, there is a need to consider the fragility and costs of operating and maintaining the sensor systems. Given the changing threats and life-cycle costs of advanced protection systems, it is possible that the most cost-effective and adaptive approach to protection for most buildings involves generic sensors that trigger only low-regret responses or even totally passive systems related to heating, ventilating, and air-conditioning (HVAC) without sensor technologies. Thus, inclusion of sensor technologies in a building protection program requires careful and systemic evaluation that weighs the costs and benefits of systems in a given potential spectrum of threats. Test beds provide an opportunity to collect data that can better inform the decision for future deployments.
Not all solutions to protection lie with detection and identification technology. A few solutions reside in building codes or regulations, though some are found in good design and construction practices. For example, building classifications exist on the basis of construction and ability to withstand fire, wind, seismic, and explosive events, but there is no building classification scheme for resistance to biological or chemical threats. Likewise, there are no uniform standards for establishing such classifications through standardized tests or metrics. Such standards and classifications could be developed by government or industry agencies, and DOD would play an active role in their development. Because of the limited protection offered by a modern “healthy building” and the better performance of advanced sensor systems in these environments, standards developed for healthy buildings will have positive impacts on building protection. Whether the protection system is active or passive, it needs to be evaluated periodically to ensure that protection goals are met.
Recommendation 4: Because goals and objectives for protection drive the choice of building protection system for each installation, metrics for a building protection system should be based on these same well-understood, clear goals and objectives.
The metrics for evaluating the effectiveness of building protection should be defined on the basis of the goals and objectives of protection. For example, if the goal is to maintain critical activities, metrics for evaluation might be continuity of operation and time to recover from an incident or to restore services. If the goal is to protect occupants, then metrics might include fraction of occupants exposed (FOE) or lives saved. Other criteria for evaluation that must be considered
include life-cycle costs of the system, including the maintenance and operational cost of the system and its components.
Capturing data for some metrics is easier than for others. Thus, the ability of different metrics to accurately measure or estimate performance of a building protection system should also be considered in metric selection. For example, even though FOE might be a preferred metric to fraction of building exposed (FBE) for predicting adverse consequences to occupants, FBE might be selected in some cases where it is more feasible to estimate reliably. Based on these considerations, the committee cannot recommend any specific metric over another (see Chapter 4 for different possible metrics) but suggests that the selected metric be justified by the user as part of applying a systematic decision-making process for evaluating building protection.
Because biological and chemical attacks against buildings are rare events, performance evaluation of building protection systems in test beds will be necessary. The evaluation of sensors in a laboratory setting does not typically provide the sensor performance data (such as detection limit, false positive rate, and false negative rate) needed for designing building protection systems because of complex and variable backgrounds in buildings. Test beds, field studies, or deployments are valuable for evaluating the performance of individual sensors in building backgrounds and the performance of integrated sensor systems and building protection systems (with or without sensors). One advantage of test beds is that they can be configured and challenged in ways not possible in an operational facility.
For a test bed to be useful, an understanding of the extent to which technological performance results can be generalized to buildings of other types and for different missions is important. The extent to which technological performance results could be generalized varies. Because of the uniqueness of each building and the complexity of building protection systems, setting up test beds for each of the four levels of protection (described in Chapter 3) is impractical. However, an integrated test bed could be useful for testing aspects of building protection components and systems that could be applied to other buildings. Modeling and simulation methods could be developed and used in combination with experimental data to apply lessons learned from aspects of building protection components and systems within test beds and operational deployments to other buildings.
Having documentation and uniform protocols is important to obtain the most value from test beds and operational deployments. A continually evolving operational deployment such as the Pentagon could provide valuable real-world experience and data comparable to those obtained in test beds if all tests are well documented and standardized. For operational facilities or test facilities, establishment of uniform testing protocols to test effectiveness and validate protection systems would make their results useful to others. For example, information on degradation, maintenance, and operational and life-cycle costs (real
and intangible) of building protection systems (including filters and HVAC, if applicable) could be collected in the test beds and existing deployments and used as points of reference for future cost analyses. Finally, data from a standardized but less comprehensive test protocol developed for use during commissioning of operational (non–test bed) facilities could be collected and fed back into virtual modeling programs to periodically upgrade the rigor and value of virtual testing and design resources.
Recommendation 5: Prior to implementation of a building protection program, the Department of Defense should establish a complete framework for building protection that guides decision making for each building to be protected. The decision-making framework should consider the following steps: (1) defining the objectives of building protection; (2) preparing a threat assessment; (3) establishing a risk assessment; (4) developing a case-by-case plan for building protection; (5) conducting a risk management analysis; and (6) analyzing costs and benefits using appropriate metrics and modeling and simulation tools as needed. The complexity of the steps in the framework and the time required for each step will depend upon the program and building protection objectives.
Designing and implementing an appropriate building protection system depends on the interactions of many factors—budget, objectives of protection, activities in the facility, location of the facility, and so on. Therefore, general principles apply, but a generic model for protection cannot fit all buildings. Rather, building protection has to be considered on a case-by-case basis. Thus, the committee can only provide guiding principles for designing and implementing a comprehensive decision-making framework for building protection that integrates risk assessment and risk management throughout the design, implementation, and deployment processes. Based on the current process of building protection reviewed above, the committee proposes some guiding principles:
Define the goals of building protection (for example, maintenance of operations or protecting occupants). The goals play a role in determining the levels of protection sought. Metrics for evaluating performance of the protection system can then be determined based on the goals.
Prepare a threat assessment. For each building, a threat assessment determines the possible threats and their likelihood (on the basis of current intelligence and vulnerabilities of the existing or planned facility). Because the threat type is uncertain, threat assessments are typically prepared in the following order: for the entire complex, for the facility type, for the location of the facility, for the mission or activities at the facility, and possibly for the current state of alert.
Develop a risk or consequence assessment. The results of the threat and vulnerability assessment are used to prepare a risk or consequence assessment. The risk assessment establishes consequences for the various threats in the con-
text of vulnerabilities, and then ranks the possible threats and outcomes based on the requirements of the facility (for example, continuity of operations; limited personnel exposure). The risk assessment provides trade-offs in benefit for different levels of building protection and would capture uncertainties in the threat and effectiveness of the detection and response options.
Conduct a risk management analysis. A risk management analysis is used to manage uncertainties in the effectiveness of different protection options. Analyze costs and benefits. The combination of risk assessment and estimated life-cycle costs provides a cost-benefit analysis of the protection options. Because a facility is part of a larger complex and the life-cycle cost of building protection is high, trade-offs across the complex must be done to consider retaining complex-wide function within a limited complex-wide budget.
Develop a case-by-case plan for building protection (see Appendix E of DOD, 2005, for an example) that provides different options at different costs and then a building complex-wide analysis for allocation of limited resources.
When construction (or retrofitting) begins, ensure throughout that the most up-to-date building plan is used, that all building modifications and plans are properly documented, and that the building is well constructed and maintained at all times.
Modeling and tools for simulation that can take into account different inputs for different buildings, protection systems, and costs need to be tested and validated before they become cost-effective resources for designing and identifying gaps in building protection. Building protection has not been tested extensively for efficiency and efficacy under a range of scenarios. Furthermore, the actual risk of biological and chemical attack is unknown. Thus, the effectiveness of current concepts of building protection accomplishing a mission is uncertain. Although models have been developed to assess the impact of threat types, they could be strengthened with broad application, as well as testing and feedback, because existing models do not cover many scenarios. Modeling and simulation tools used to trace the impact of threat agent releases can be effective only if they are developed based on the goals of building protection set forth through a complete decision-making process.
Although the above principles will apply to many buildings, deployment of building protection is dominated by a case-by-case analysis and implementation because of the uniqueness of each building, its mission, and its location and the current threat. Therefore, the above approach should be tailored to match the current perceived threats, known vulnerabilities, and the development of likely detection technologies in order to provide a balanced evolutionary path from the current state over the next 10–15 years.
Decision support tools can be used at the planning or design stage to identify the optimum combination of controls to achieve the specified mission goal and can aid in operational decision making regarding tactics, responses, and remedia-
tion changes during and after an event. Comparative risk assessment and cost-benefit analysis approaches can aid in all stages of decision making.
The combined decision support system for building planning would do the following:
Capture the possible conflicting requirements of a variety of deployments (for example, protection of people versus property);
Compensate for uncertainty in input data and performance achieved;
Resolve conflict in expert input or data available;
Possess the ability to determine knowledge or operational gaps in input data or operational approaches, respectively; and
Provide a defensible approach where conclusions can be matched to data and process, and can be adapted to change as threat, test, and operational data become available.
Once a framework for building protection is established and validated by deployments, it can be used to develop standardized building protection responses that capture “best practices” from comprehensive considerations of threat types and cost-benefit analysis across many building types. The development of standardized building protection responses does not infer that consideration of building protection on a case-by-case basis is unnecessary. Rather, it recognizes that as experience is gained in building protection, it might become apparent that some classes of building types and uses might require similar deployments for protection.
Recommendation 6: Building protection should be designed to accommodate changing building conditions, emerging threats, and changing technology. Both the deployed building protection and the framework for deploying the building protection (proposed in Recommendation 5) should be reviewed periodically for sustained performance in light of changing resources and threats.
Plans should include having a building’s protective design tested and reevaluated for performance, and revised or replaced in order to respond to changing parameters and needs. The spectrum of threats is ever changing so that the risk analysis for each building might be unique and changing as well. Buildings also evolve over time through aging, wear and tear of use, and the effects of climate. A lot of attention and funding have been focused on sensor and detection technologies. Human factors and concepts of operations have to be considered as well. New buildings could have an infrastructure (for example, power, communications, space) that allows for installation of new protection components as they become available. Although building protection has to be developed on a case-by-case basis, generic principles can be applied to many buildings and situations. The establishment of a systematic process that weighs the different
options should guide decision making. Such a process would help DTRA and other agencies to design appropriate protection systems that optimize protection within the physical limitations of the building, technological limitations of the components (such as HVAC, filters, and sensors), and financial constraints. Developing the process that takes into account all the input for design to optimize output will incur additional costs up front, but the committee believes that the utility and ultimate cost savings of the approach will well justify this initial cost increase. To sustain the performance of a deployed building protection system or the framework to support its deployment, deployed building protection systems and their corresponding deployment processes should be reviewed periodically to assess whether they align with changing building conditions, building design methods, sensor and protection technologies, and threat types.