Before a designer can recommend security measures for a facility, he or she must understand what people and property–the "assets" in security parlance–need to be protected.

Usually this assessment is quite straightforward, but the task gets complicated when trying to predict where threats may come. This knowledge has a direct bearing on what kinds of damage the designer must attempt to mitigate. "You can't even do the simplest facility assessment until you know what the threats are. What's the point?" says Bill McCarthy, an associate architect with RTKL in Baltimore. "You don't know whether you're protecting from a bomb-laden vehicle or a mere natural disaster."

The assortment of potential security problems facing any organization has always been limited only by the collective imaginations of its members. Since Sept. 11, unfortunately, peoples' imaginations have run wild, making it more difficult than ever for designers to make realistic security assessments and to assure their clients that everything within reason has been done to protect them.

The range of difficulty involved in predicting threats against persons and property runs the gamut from the obvious to the impossible. Some threats can be predicted using crime statistics, which are collected in vast quantities by the FBI and other law enforcement agencies. The assumption is that where crime has been committed repeatedly, it is likely to occur again. Thus, preventive strategies can be formulated and put in place where needed.

What law enforcement can determine using crime figures alone is somewhat limited because they omit many factors. CAPIndex, a firm in Exton, Pa., uses its own proprietary software, Crimecast, to analyze crime statistics, adding other factors such as victim and offender surveys, loss reports and other information. The software uses this information, taking into account what it calls the "social disorganization" of a specific area, to generate extremely specific reports and even detailed reports and maps about crime activity. The social disorganization component uses information such as the area's housing condition, economics, and population mobility, although an area's ethnic makeup is not considered.

"What our reports say is, ‘the people who live in your community are likely to commit this much crime,'" says CAPIndex Vice President Dan Kropp, who is a security specialist. "The best thing is to have a thorough assessment done, which would include all kinds of factors. The CAPINdex is only one of those factors. We're looking at the risk that the community poses to you, but there are other sources of risk. It could be unpredictable terrorism, but it also could be something that's directed at your business regardless of where you're located. A jewelry store has a different level of crime than an office building."

  • Violent crimes: murder, rape, kidnapping, parental kidnapping
  • Crimes against property: robbery, burglary, larceny
  • Organized crime: racketeering, interstate transportation violations
  • White-collar crime: fraud, money laundering, computer intrusion
  • Terrorism
  • Foreign counterintelligence
  • Civil rights

Unfortunately, statistical reports on crime are seldom revelatory unless a person is unfamiliar with the area they cover, or crime patterns are shifting in some way that is counterintuitive.

Crime is usually more severe where economic conditions are worse, so people are more aware of it. People have always been tempted to empty banks of their contents, so their security has always been sophisticated. Closed-circuit TV is now standard in even the tiniest bodegas. In fact, video surveillance equipment is so inexpensive and easy to use that installing it as a security tool is considered as ordinary as putting in HVAC.

Some institutions offer no material gain for attackers, but either their function or politics make them probable targets. Abortion clinics, for example, may attract trouble in some parts of the country. These entities often have had threat assessments done and understand their opponents and the disruptive tactics they are likely to use. They may gather intelligence on possible threats from past knowledge of the actions of specific individuals or groups, analysis of threatening messages, and experiences of peers. Such organizations are prepared for trouble, but are usually reluctant to discuss publicly what they know about potential threats.

One of the greatest difficulties in assessing threatening individuals or groups is predicting which ones will only threaten, and which are likely to actually act on their violent urges. Gathering intelligence on individuals to support those judgments must be done carefully because it can impinge upon civil rights. The analysts responsible for determining how dangerous someone is may walk a fine line between gathering intelligence to protect their clients, and committing actionable harassment toward subjects they are investigating.

A potential attacker's actions may be well planned, or they may only occur if the perpetrator happens to see an opportunity. In these cases, architects and engineers can use environmental design to discourage potential offenders by isolating them and restricting their access to areas where they might pose a danger to assets. Many security consultants say that exterior security lighting that complies with recommendations of the New York City-based Illuminating Engineering Society of North America, is one of the most cost-effective security measures available.

"Security tends to deal with statistical anomalies," says Randy Nason, a consulting engineer with C.H. Guernsey & Company, Oklahoma City, "As you get to more serious crimes–the acts of terrorists–the number of occurrences goes way down, and the statistics become unreliable; therefore, crime statistics are not accurate predictors of most security-related incidents, especially terroristic events. These events do not tend to be initiated by individuals who are represented by the census data where the event occurred."

What's more, the U.S. is so rich with targets that are of symbolic importance or comprise an essential or irreplaceable piece of infrastructure, that it is impossible to guess what may be hit. Such violent acts cause disruption, injury or loss of life that causes people to be anxious and to worry that they cannot control what happens in their world.

When unexpected incidents do occur, they garner a disproportionately greater amount of attention from the news media, compared to more typical, everyday mayhem. This has the effect of making people still more anxious, because the anomalies are made to seem more commonplace than they really are.

No matter what might be known about a threat, deterrence is the first line of defense. "What I really try to do is to get the bad guys to go somewhere else," says Nason. "The root causes of crime are sociological, and I can't address those. Instead, I want to make my clients so strong that the bad guys decide to go somewhere where it is easier to do whatever they're going to do. "

CRIMECAST MAP CAPIndex shows the crime risk for census tracts starting near the mid-town Manhattan office building that houses Architectural Record and Engineering News-Record. A 95 means the risk is 0.95 times the national average; 709 men as it is 7.09 times the norm. (Map coutesy of ©CAPIndex)

Any number of things can cause someone who wishes to do damage to go elsewhere. Security measures may make it difficult for the crime to succeed, or they increase the likelihood that the perpetrator will be recognized and apprehended on the spot, or can be identified later. Barriers can discourage those who would either deliver an explosive device using a vehicle, or actually turn the vehicle itself into a weapon. Identity card systems can keep people out of prohibited areas, and the visible presence of closed-circuit TV cameras might prevent people from thinking criminal acts can be committed unobserved.

No protective measures will deter the most determined criminals, and some are actually motivated by the challenge of attacking something that is well guarded.

Protection is always limited by practical considerations, such as how much money can be spent, how much a facility can be modified before its original purpose is defeated, or by the limits of available technology.

A low level of protection could mean that a building would be hardened just enough to keep it from collapsing. A high level of protection could mean that a building would only suffer minor damage in a blast. Facility managers must determine how much loss is acceptable and the extent of security measures that can be taken before these steps become a source of disruption in themselves.

"Consider a federal building in an urban setting," says Nason. "Maybe the threat is a vehicle-borne bomb, or a package bomb left on the sidewalk. You can't control what a terrorist might leave behind. The setback distance from the device to the building may be on the order of 15 ft. You can't necessarily change that. At that distance, the overpressure of the blast will probably be more than the existing windows can withstand. You can apply film to the inner surface of the windows that will withstand over-pressures of 4 to 6 lb per sq in. (psi), or you can retrofit with laminated glazing to withstand 8 to 9 psi. But, the overpressure from the device could be in the thousands of psi. We don't have anything that can cope with that."

Nason says that most clients will choose to install the window film. It is comparatively inexpensive as a retrofit solution. Laminated glazing would probably provide more resistance but involves replacing every window in the building. "Most people don't go for that option on an existing building," he says, adding that in these frightening times, if something does happen somewhere, no one will wish to be accused of having taking no preventive measures.

As security consultants evaluate threats and implement new protective measures, it is important that they understand the organizational culture of the company or institution where the changes will take place. How much "safety" are people willing to tolerate? The security consultant must also see that corporate or institutional clients buy into changes being made, or they will not work. Ordinary people and criminals alike are perceptive enough to discern difference between real security measures and those that are "ceremonial."

"We live in a different society now, and our workplaces will reflect that," says Nason. "It is crucial that people understand what motives are behind upgrading security, and how and when it will happen. It is very important for those initiating these improvements to keep open discussions with those who will be affected. Most people will buy in. Others will resist it forever."

Introduction: Building For A Secure Future

Feature: Environmental design

Feature: Government

Feature: Buildings

Feature: Bioterrorism

Feature: Transportation

Feature: Glass safety