Infrastructure & Building Risk Assessment on New and Existing Buildings

Transcription

1 Infrastructure & Building Risk Assessment on New and Existing Buildings E. Scott Tezak, PE, BSCP Security Practice Lead, TRC Companies Lawrence Fitzgerald, CPP, PSP Security Group Leader, TRC Companies 1 Why Perform A Risk Assessment? Are you concerned about current events and how they impact your employees, clients, and facilities? Do you have an upcoming project? Large capital infrastructure investment Signature capital improvement / addition Do you have aging infrastructure / aging systems? Does your organization lack safety and security program documents, technology solutions, and physical solutions? Do you need assistance organizing a 5, 10, 20 year safety and security plan for your organization? 2 1

2 What Type of Risk Assessment? Safety system inventory? Security system inventory? Threat assessment? Vulnerability assessment? Threat and vulnerability assessment? Risk assessment? Detailed engineering security assessment? In 2003 (only 2 years after 9/11), a DHS study on TVAs compared over 45 different methodologies that were in use at that time 3 Integrated Rapid Visual Screening (IRVS) with ISC Module IRVS v5.0, 2013 BIPS 04: Building Assessment, 2012 BIPS 02 and 03: Tunnel and Bridge Assessments, 2011 BIPS 11: Interagency Security Committee (ISC) Assessments, 2013 Multiple Configurations and Options Standalone or Network / Multi-user ipad app Capability Web Data Extraction Capability 4 2

3 Part 1: The IRVS Methodology Written by DHS/FEMA for use by state and local agencies Government / commercial sectorspecific plan (NIPP) Provides framework and methods that can be adjusted Free, non proprietary Method Database Training 5 Part 1: The IRVS Methodology Risk = (Threat Value) x (Vulnerability Value) x (Asset/Consequence Value) 6 3

4 Part 1: IRVS Database Objectives: Risk Analysis of mission critical functions, assets and supporting infrastructure systems COOP Analysis: Prepare, Respond, and Recover Organized storage / retrieval of: reports, pictures, diagrams, GIS products, miscellaneous documents, Free Product for all Federal, State, Local, Commercial users Stand-alone system: MS Access database Basic IRVS Screening Current Modules: buildings, subways, and tunnels Categorizes 15 building types and 20 hazardous events: Internal and External of Blast, CBR, earthquakes, floods, wind, landslide, and fire. Risk Summary: Threat, Vulnerability, Consequence of Loss, Resilience. Tailored evaluation (up to 272 questions) Tool interactions are automatically calculated by preassigned weights, interaction logic, and context-based algorithms. Risk is based primarily in target attractiveness (for manmade hazards). Process Pre-Field Actions: Tailor Threats/Hazard: Blast, CBR, earthquakes, floods, wind, landslide, and fire Tailor Resiliency: Government, School K12, Business/Financial, Retail, Medical, General Field Activities Consequences Assessment, Threat Assessment, Vulnerability Assessment, Resiliency computations Post Field Activities Summary Calculations / Reports 7 Part 1: IRVS Database 8 4

5 Part 1: IRVS Database Component Dashboard: Listing Completed / Scheduled Display on Google Earth Site Risk Summary: Threat, Vul., Consequence, Resiliency Total Risk Summaries: All screenings 9 Part 2: The ISC Methodology ISC Risk Management Process Undesirable Events (UE): DBT: 29 events (may add more) Set Necessary LOP (1-5) for each event Event only applicable to certain Criteria Criteria: ISC starting point: 86 criteria Each Criteria split into 5 Levels of Protection Dashboard: Completed / Scheduled Events Results Pictures, Files, Reports: Analysis Graphs, Status of each Criteria, Comparison Matrix, Charts, Photos, GIS 10 5

6 Part 2: The ISC Methodology Step / Action Determine FSL Reference Document Facility Security Level Determination for Federal Facilities Identify Baseline LOP and Countermeasures Identify and Assess Risks Physical Security Criteria for Federal Facilities Physical Security Criteria for Federal Facilities: The Design Basis Threat (U) Determine LOP Required to Address Risk or Highest LOP Physical Security Criteria for Federal Facilities: The Facility Security committee Implement Countermeasures Physical Security Criteria for Federal Facilities: The Design Basis Threat (U) Measure Performance Use of Physical Security Performance Measures 11 Part 2: ISC Database Component 12 6

7 Part 2: ISC Database Component 13 Part 2: ISC Database Component 14 7

8 Case Study 1: IRVS During Design Phase Renaissance Square Transit Center Rochester Genessee Regional Transit Authority 15 Transit Center Project Scope 87,000 square foot Center 30 Bus Bays 26 indoor, 4 on Mortimer Entrances on St Paul and N Clinton LEED Silver Certifiable Access Controlled Gates Video Surveillance System Security and Operations Control Room Customer Amenities Restrooms Family restroom Ticket Vending Food Vending Operator Amenities Concourse restrooms Break room Operator kiosks Tap in sign in 16 8

9 Security Scope Perform TVA using IRVS w/ ISC Module Applied the recommendations of the TVA to the design An important effort that ensured RGRTA was aware of Mitigation being implemented Level of protection being provided In addition to 50% and 70% reviews Calls with design build team Dialogue with RGRTA on residual risk Final report links design to SSMP 17 Incorporating Security Into Design Influenced site design Bollards Fencing/gates Lighting Influenced building design Protection of select structural elements (man made threats) Roof enhancements for snow loading Glazing protection (man made threats and natural hazards) HVAC system modifications (man made threats) 18 9

10 Results of the TVA / Design Review 53 mitigation actions proposed for the site and facility 39 actions incorporated into design 14 actions incorporated into plans and procedures 74% of actions resulted in physical improvements to the design of the site / facility Opportunity to implement CPTED during design phase (not post construction) Engaged local PD and Fire into design for Security Emergency response 19 Case Study 2: Statewide Facility Security Assessments 20 10

11 Program Needs Driving Assessments Security Mission Statement and Standardized Approach to Integrated Security Security Plans, Policies, and Procedures Enterprise Security Management Systems and Command Centers Site Specific Integrated Electronic and Physical Security Systems 21 Putting Assessments to Practical Use Establishing Security (and other) Standards only part of the process Site assessments need to be performed to document existing conditions and identify gaps, variation will be high Buildings owned/operated by other State entities Buildings managed and operated by contracted firms The right Standard, evaluated with an integrated assessment, will provide A clear understanding of security posture A compliance/non compliance with new Standard A road map of required projects/investments to address gaps in site specific security programs 22 11

12 Customized Site Summaries Standards Program sets ISC criteria as the security standard / Levels of Protection (LOP) Assessments were used to identify Existing conditions Program needs Database stores findings and data Customized Site Summaries provide Site summary Projects needed to meet desired LOP Rough Order of Magnitude (ROM) Cost Estimates 23 Report Contents 24 12

13 25 Applications to Non-Federal Clients State offices of facility management State agencies with high profile public interaction Regional transit entities County government faculties management Modified versions (based on the process) Utilities sector Local government (Note: ISC Module requires a Federal sponsorship) 26 13

14 Questions / Comments E. Scott Tezak, PE, BSCP Technology Engineering Services Security Practice Lead stezak@trcsolutions.com (o) / (c) Lawrence Fitzgerald, CPP, PSP Engineering / Construction / Remediation Security Group Leader lfitzgerald@trcsolutions.com (o) / (c) 27 14