Disaster Recovery Journal

From a homeland security standpoint, typically office, storage, and manufacturing buildings are not the subject of a man-made disaster, such as a terrorist attack. Such attacks would typically limited to critical locations such as "key" government buildings, so-called "symbols of democracy," transportation centers, nuclear power plants, and locations where "products of war" are produced (e.g., airplanes, helicopters, missiles, and other combat-related items). Nonetheless, standards are emerging for property owners and building managers to assess the vulnerability, or risk level, of their site and its facilities to a possible terrorist attack.

Typically, these assessment evaluations include potential vulnerability and risk levels based on the visibility of the building, the criticality of the site to the jurisdiction in which it is located, the impact that the facility has outside of its jurisdiction, the accessibility of the site has to the general public, possible site-related hazards from both a manufacturing and storage standpoint, the site’s population capacity and, lastly, the potential to create mass casualties if the site is attacked. While these variables seem diverse and complex, it is possible to assess a site’s potential vulnerability and risk by rating a facility using these criteria and a numerical ranking process for each category. The final score, or assessment rating, determines the site’s potential exposure to a possible terrorist attack.

A site’s vulnerability rating can be determined using the following nine variables, and ranking the response to each potential risk category using a six-point scale ranging from zero to five points. The lower the numerical ranking in each category, the lower the vulnerability or risk level of the site. Conversely, the higher the ranking the greater exposure the site has to a possible terrorist attack. The nine assessment criteria contained in this ranking process, as well as the rating scale used in each category, are explained in detail below.

Vulnerability Assessment

The nine criteria, or variables, selected for this building vulnerability assessment include the visibility of the site, the criticality of the site to its jurisdiction, the impact of the site outside of the jurisdiction in which it is located, and public accessibility to the site itself. Other criteria include a review of the possible hazards located at the site, the height of the structure, the type of construction, the population capacity of the site, as well as the potential for collateral mass casualties if the site is attacked. These rating classifications, along with various risk levels, are explained in greater detail below

Question one relates to the level of the site’s visibility using the following scale. Rating level zero equals "invisible," where the location is a "classified" or a "secret" location unknown to the general public. Ranking level one assumes the site has a "very low visibility," which also assumes that it is also a so-called "secret" and "classified" location, which is only known by a few people. Rating level two represents that the site has "low visibility," meaning the knowledge of its existence is public but generally not too well known. The third rating level should be used when the site has a "medium visibility," which is used when the existence of the facility is only known locally. Ranking level four means the site has a "high visibility," which translates into the fact that the existence of the site is typically known throughout the region. Lastly, ranking level five is used when a site has a "very high visibility."

The highest vulnerability assessment rating is only used when the site’s existence, and purpose, is typically known nationally by members of the general public.

Question two focuses on the building’s or site’s criticality, or importance, to the jurisdiction (e.g., city or town) in which it is located. This includes an assessment of the impact that the site’s assets have on the local population, economy, and/or government. The six possible assessment rankings in this category include rating level zero for "no usefulness" whatsoever, rating level one for "minor usefulness," rating level two for "moderate usefulness," rating level three for "significant usefulness," rating level four for "highly useful" and, lastly, the use of the highest ranking level, five, when the site’s assets are "critical" to the city or town in which it is located.

This last assessment-ranking category is only used when a site or building is critical in its importance to the general area in which it is located using the above criteria and six rating level considerations.

Assessment category three examines the impact that the site or building has outside of the jurisdiction in which it is located. The question asked is "What affect would losing the facility have outside of our county?" The possible assessment rankings using the six-point scale include rating level zero for "none" (no impact), rating level one for "very low" impact, rating level two for "low" impact, rating level three for "medium" impact, rating level four for "high" impact and, lastly, rating level five for "very high" impact This subject deals with the potential negative impact of losing the site or building on the areas’ population, economy, and/or local government.

This last assessment ranking is only used when a site or building serves as a large employer, has a significant impact on the local economy, and/or has a close and vital working relationship with its local government.

This assessment category asks about possible access to the site or building. The exact question posed is, "How accessible is the site?" The six possible ranking levels for this category range from "restricted" access to "unlimited" access.

The possible ranking assessments for this question are listed as follows. The ranking level zero stands for "restricted" access, which means that the site or building is patrolled 24/7, is fenced, alarmed, is equipped with security cameras, has controlled access that requires prior clearance, contains designated parking (with the requirement that no unauthorized vehicle can park within 300 feet of the facility), and has protected airspace and entranceways. The other possible assessment rankings account for the fact that the site is more "open" in its nature.

A rating level of one means the site has "controlled" access, which means the facility has a 24/7 security patrol, is fenced, has controlled access to vehicles and personnel, contains designated parking including a restriction that no unauthorized vehicles can park within 300 feet of the facility, and that the site has protected airspace and entranceways.

A ranking level of two means that access to the site is "limited" in nature. This means the site has security guards at the main entrance during regular business hours, is fenced, contains a security alarm, has controlled access for visitors, has designated on-site parking, and the requirement that no unauthorized vehicles can park within 300 feet of the facility. This rating level also includes the fact that the site has protected airspace and entranceways.

The third assessment rating level stands for "moderate" access, which means that the site and building have controlled access for visitors, has security alarms after regular business hours, has protected airspace and entranceways, contains designated parking areas, and has the requirement that there can be no unauthorized vehicles parking within 50 feet of the facility.

Ranking level four means the site has "open" access. This assessment rating means the site is open and has public access during regular business hours, has few if any safeguards in place, and also contains unprotected airspace and entranceways.

The last assessment ranking level in this category, rating level five, means the site has "unlimited" open access to the public, has no safeguards in place, and also has unprotected airspace and entranceways.

This rating category includes the assessment of the site relative to on-site hazards. This ranking area is for the assessment of the presence of legal weapons of mass destruction (WMD) materials, as well as chemical, biological, radiological, nuclear, and explosive (CBRNE) materials in quantities that could make the site a target for a possible terrorist attack, or would complicate the public response to a terrorist incident at the site if one took place.

The possible six ranking levels for this category include "none" to "high" as follows. Rating level zero means that "none" of the possible WMD/CBRNE materials are located on the site. Rating level one means "minimal" WMD/CBRNE materials are present in moderate quantities, but they are controlled. Rating level two reflects a "low" hazards exposure and means that WMD/CBRNE materials are present in moderate quantities, but they are controlled. Rating level three reflects a "moderate" hazards exposure, which reflects there are major concentrations of WMD/CBRNE materials that have established control procedures, and that these materials are secure in the site. Ranking level four reflects a "high" degree, or major levels or concentrations of WMD/CBRNE materials are located on the site with only moderate control features in place.

The last rating criteria in this category is level five, which stands for "very high" presence of WMD/CBRNE materials on the site. This ranking assessment means major concentrations of WMD/CBRNE materials are located on the site, that no safeguards are in place, and this material is readily accessible to employees as well as non-staff personnel.

This vulnerability assessment category includes a review of the height of the structure, which ranges from underground to a skyscraper. The six possible rating levels in this category are highlighted below. Rating level zero indicates that the entire structure was built "underground," and little or no damage would result from an above ground terrorist attack to the site. Assessment level one recognizes that the structure is only a "single story." Rating level two means the structure is a "low rise" one, or a building that is less than five stories in height. Assessment ranking three represents a "mid rise" structure, or one that is from five to 11 stories in height.

The last two assessment rating categories, four and five, are for buildings that fall into the high rise and skyscraper categories. The level four ranking level designates a "high rise" structure, for a building that ranges from 12 to 29 stories in height. Lastly, vulnerability assessment ranking level five acknowledges that the verticality of the structure falls into the highest level, or "skyscraper," category. This means the building structure is taller than 30 stories. Since skyscrapers in America’s cities are few and far between, not many buildings would fall into this "highest" category.

This category of assessment recognizes the composition of a building’s construction. The six possible options, or "toughness" of construction ratings, include the following ranking levels. Assessment rating level zero acknowledges that the structure was completely built "underground," which has the lowest vulnerability level from an attack perspective. Rating level one represents a "hardened" structure, or one that is protected by earth berms and embankments. Assessing ranking level two means that the building is constructed with "reinforced concrete," or has steel beams within its structure.

The next three assessment levels in this category include buildings constructed with steel beams, masonry, steel studs, and wood. These ranking options include level three for buildings constructed with "structural steel or masonry," assessment level four represents "light" frame" structures, which typically contain steel studs, and vulnerability ranking level five which means that the building is a "wood structure," the most vulnerable type of structure from a terrorist standpoint.

This assessment-ranking category relates to the maximum number of individuals at the site or building at any given point in time. The six possible assessment rating level responses range as follows: rating level zero indicates that no population whatsoever is located at the site.

Level one means that from 1-250 people are located at the site. Rating level two represents 251-5,000 people; rating three represents 5,001-15,000 people; rating level four represents 15,001-50,0000 people; and rating level five represents more than 50,000 people are present at the site at any given time.

This vulnerability assessment category includes a review of the maximum number of people within a one-mile radius of the site, which reflects the potential for collateral mass casualties should a major terrorist attack take place.

The six possible assessment ranking responses in this potential collateral damage category include the following: rating level zero stands for 0-100 people, rating level one means 101-500 people, rating level two includes 501-1,000 people, rating level three represents 1,001-2,000 people, rating level four reflects 2,001-5,000 people, and lastly, a response in rating level five represents that 5,000 or more people could be killed by a successful terrorist attack to the site.

The following figure sets forth the above vulnerability assessment criteria, and the ranking levels for each category, in a more abbreviated format.

Vulnerability Assessment Form

Site Vulnerability Rating

The total number of points from the above nine ranking categories should be between one and 45. The total points for this assessment are broken down into four possible categories of vulnerability, or risk, levels as follows: negligible, low, medium, high, and critical. These four categories of vulnerability rankings resulting from this numerical assessment rating process are shown below:

Based upon this site’s, or facility’s, vulnerability assessment ranking, the owners or managers of the site or building may wish to take a number of common-sense remediation measures to offset the potential vulnerability of their facility to a possible terrorist attack. These measures include, but are certainly not limited to, providing perimeter fencing, installing parking security safeguards for both employees and delivery persons, purchasing on-site surveillance cameras, using landscaping and vertical impediments to preclude vehicles from getting to close to the site, obtaining some type of employee identification recognition process, as well as using security guards to protect the facility against possible purposeful human wrongdoing.

v