Session: Planning For Security

March 31, 1:00 PM

Richard G. Little, AICP
National Research Council

Experience with terrorist attacks over the past 20 years has demonstrated that buildings and their occupants are extremely vulnerable to the effects of deliberately placed bombs. At the same time, the risk posed to a specific building will vary considerably depending on its location, mission, occupants, and symbolic value. In light of this, it has been difficult to allocate limited resources for protecting people and buildings in a rational, balanced manner. This paper suggests a role for planners in the planning and decision-making processes that can be employed to maximize the value of security-related investments. The approach has relevance for other hazards as well.

Since September 11, 2001, the vulnerabilities to terrorism of our urban areas, and how best to address them, have been subject to considerable discussion, debate, and reflexive defensive measures. Armed guards and concrete barriers appeared almost immediately after the terrorist attacks. Blast-resistant construction features, once the province of military installations and critical government facilities, are increasingly being considered for commercial buildings (MCEER, 2002, Lipton and Glanz, 2002). Systems to detect and interdict chemical and biological agents are also under development to protect buildings and their occupants from the effects of an attack utilizing these weapons. Although such responses to these frightening events are certainly understandable, they are not based on an objective assessment of risk, nor do they represent a planned approach for addressing the threat. In fact, given the large number of assets to protect and their widely dispersed locations, it may not be an effective, let alone cost effective, approach to thwarting urban terrorism. This paper will seek to demonstrate that a balanced strategy of preparedness, mitigation, response, and recovery, developed through a rational planning process and delivered by high-performance institutions staffed by capable, dedicated people, will achieve far greater long-term security. However, we must ensure that those institutions and people are available when needed.

Although the events of September 11, 2001 were shocking in their ferocity and wanton disregard for human life, they are also acts that will not be easily repeated—the vehicle-bomb employing conventional explosives still appears to be the most serious bombing threat against public buildings. Despite the damage potential of large vehicle bombs that has been demonstrated in attacks worldwide, there is a wide range of defensive strategies available to enhance the safety of buildings and their occupants. However, this task is complicated on urban sites where land can be extremely limited or unavailable due to cost or existing development, and potential conflicts can arise between design aesthetics, social values, and security objectives. In light of the finite resources available for physical protection, there is a need for a better way of allocating limited resources to the highest priority threats. It is an underlying premise of this paper that physical protection must be an integral part of a planning, programming, and design process that includes all stakeholders and is guided by sound risk management.

The traditional design and construction process is linear and compartmentalized and tends to inhibit free and interactive communications between decision elements and across technical disciplines. In fact, poor communications between individuals or organizations involved in planning for security and ineffective or exclusionary decision processes often lead to disappointing results or outright failure. As many security issues and mitigation approaches are introduced at different steps in the planning and design process, it is important that the process have sufficient flexibility to revisit initial assumptions regarding threat levels, risk and desired performance, and benefit from the synergy of a fully integrated approach. An even better alternative is to have all relevant stakeholders involved throughout the process.

Explosive materials are designed to release a large amount of energy in a very short time. In a most general sense, the blast energy experienced by a structure is related to the amount of explosive used and the distance of the building from the explosion. As will be shown in subsequent discussion, the ability to limit the size of a bomb through vehicle control and inspection and to enforce standoff distances from possible targets are two of the most important tools available to those charged with protecting people and buildings from bomb damage.

Buildings experience the effects of explosions in several stages. The first stage coincides with the arrival of the initial blast wave that typically shatters windows and causes other damage to the building facade. The initial blast wave also exerts pressure on the roof and walls that are not directly facing the blast and can cause damage to them as well. The second stage occurs when the blast wave enters the building and exerts pressure on internal parts of the structure. When directed upwards, this pressure may be extremely damaging to the slabs and columns because it acts counter to the design approach used to resist gravity loads. The structural and other damage caused by an explosion is the building’s response to the enormous amount of energy produced. This energy can either be resisted through the use of massive elements that are strong or ductile enough to survive without failure or through the acceptance of partial damage to windows, facade, and structural members. The concept of “graceful failure” assumes that various elements will resist long enough to absorb a large amount of energy and then fail in a manner that minimizes the risk of serious injury or death to the building’s occupants. Modern protective design, which attempts to balance security and aesthetics, generally incorporates the principles of both approaches.

Until aerial bombardment rendered them moot, most physical protection strategies for cities and towns were aimed at keeping an attacker at bay by means of moats, walls, and other physical obstacles. Even today, standoff , is still considered the most effective defense against a terrorist vehicle bomb because blast energy dissipates very quickly with distance . The importance of standoff distance in planning for physical security cannot be overemphasized. Despite the great strides that have been made in developing new materials and innovative strengthening techniques that will reduce building damage and occupant injury in the event of a bombing attack, the enormous amount of energy generated by even modest amounts of high explosives will still cause extensive building damage and personal injury if detonated at close range. If adequate standoff distance can be established and maintained, the other tenets of building protection become realistically achievable. If adequate standoff cannot be established, a combination of active site security, operational procedures, and building improvements must be provided.

Based on experience with blast effects on buildings and people, there are several basic tenets of physical protection for buildings that have evolved over time. These are:

• Preventing the glazing and façade materials from shattering and entering occupied spaces
• Keeping the blast energy outside the building
• Protecting the occupants from injury by fragments and larger objects, blast pressure, or physical translation
• Preventing structural collapse, both global and progressive

These objectives can be achieved through a basic systems framework that seeks to integrate four critical factors:

• denying the means of attack
• maintaining safe separation of attackers and targets through good planning and architectural practice
• providing strong, resilient construction to protect people and key building assets
• facilitating rescue and recovery operations in the event an attack occurs (Sevin and Little, 1998).

As demonstrated by the suicide attacks of September 11, there are some scenarios for which direct defense is neither practical nor realistic. Therefore, the first line of defense must be to identify and apprehend potential perpetrators before they can act. They must also be denied access to the means of attack such as explosives and delivery vehicles. This encompasses a broad range of primarily security-related activities such as domestic and international intelligence and surveillance, domestic law enforcement, enhanced airport security, improved explosive-detection devices, vehicle screening, and access and parking restrictions.

The second and third objectives require the active collaboration of planners, engineers, architects, landscape architects, security specialists, and others to ensure the attractive integration of site and structure in a manner that minimizes the opportunity for attackers to approach or enter a building. They include such features as landscaping and earthworks that can function both as blast barriers and vehicle controls and appropriately designed street furniture such as planter boxes, plinths, and bollards that prevent vehicular access. The numerous terrorist bombing attacks experienced in the past twenty-five years have generated considerable research into the effects of bomb blasts on buildings and people. As a result, these effects are reasonably well understood, as are the effectiveness of various countermeasure strategies (Little, 2002). Blast-resistance in buildings is generally provided by passive features such as additional reinforcement and connections in the structural frame for increased ductility, composite fiber wraps to prevent shattering of columns and slabs, and high-performance glazing materials that resist blast pressures. Under design conditions, these measures have been shown to be quite effective in reducing the devastating effects of deliberate explosions and consequently, reducing casualties as well (Mlakar, et al, 2003).

As the tragic events of September 11 made abundantly clear, it is difficult if not impossible to prevent destructive acts by persons unconcerned with their own safety or survival. Therefore, facilitating rapid rescue and recovery of victims in the aftermath of an attack is a key component of a building protection strategy. The speed with which rescue personnel can safely enter and secure a damaged building can reduce the loss of life, mitigate injuries, prevent further damage to the structure, and help restore the building to productive use.

In the context of building security, risk connotes the likelihood and consequences of failure of critical physical or operational systems that would lead to loss, either economic or in terms of human life. The development of effective and efficient project-specific security strategies requires the use of risk assessment, a decision technique that systematically incorporates consideration of adverse events, event probabilities, event consequences, and vulnerabilities. It assumes the participation and knowledge of all affected parties, including policy-makers, owners, occupants, planners, architects, engineers, and security specialists—these questions are not for engineers to answer alone (NIST, 1994).
In risk assessment, three questions must be answered (Kaplin and Garrick, 1981):

• What can go wrong?
• What is the likelihood that it would go wrong?
• What are the consequences of failure?

Risk management builds on the risk-assessment process by seeking answers to a second set of questions (Haimes, 2002):

• What can be done and what options are available? (What is the mix of site selection and configuration, building features, and management practices that will provide the desired level of protection?)
• What are the associated trade-offs in terms of all costs, benefits, and risks? (For example, increased cost would be traded off with reduced risk and improved confidence in the system.)
• What are the impacts of current management decisions on future options? (Policy options that seem cost-effective at present must be evaluated under plausible future changing conditions. For example, providing certain physical hardening may preclude building modifications to increase functionality in the future.).

Any actions taken to develop and implement comprehensive security strategies for cities (buildings, institutions, and infrastructure) must be based on a balanced assessment of all risks and the possible consequences of failure. These strategies must be informed by the best available information, carried out by knowledgeable people, and implemented through an inclusionary decision process.

Many years of observing natural disaster events support the general premise that resilient communities, i.e., those having in place robust systems and institutions that possess a good deal of redundancy , usually fare the best (Delmuth, 2002). The attacks of September 11 provide some interesting lessons for understanding how these straightforward concepts aided in the relatively rapid recovery of New York City’s infrastructures during a period of great stress and challenge. There were several reconnaissance-level studies of the performance of infrastructure in the vicinity of the World Trade Center in the days and weeks following the attacks (Tierney, 2002; Wallace, 2002; Zimmerman, 2002) which all underscore the notion that the critical features of survivable systems are resilience, robustness, and redundancy. These characteristics are just as critical for institutions as for the physical systems themselves. New York City was able to recover relatively quickly (compared to how other cities might have fared) after September 11 not only because of the inherent redundancy of its physical infrastructures (which is considerable) but because of its institutional resilience as well. Many of the service providers involved in New York’s recovery (e.g., Consolidated Edison, Verizon, AT&T, MTA) demonstrate resilience, robustness, and redundancy. They possess considerable capacity in people who are considered international experts in their fields; state-of-the-art equipment and configuration management; as well as other physical and institutional resources necessary to effect recovery (O’Rourke, et at, 2003). It is not apparent that leaner, less robust systems would have performed as well and as a result, recovery would have been hampered.
Another lesson reaffirmed on September 11 is that buildings have meaning and that iconic structures—symbols of the cultures that support them—will, in all likelihood, continue to be targets of terrorism (Rypkema, 2003). So long as terrorism is used as a weapon in a clash of cultures, our cities and their important structures will be at risk. Protective technologies can address some but not all of the risk. Prudent risk management requires a more comprehensively planned approach.

In Betrayal of Trust, (Garrett, 2000), Laurie Garrett paints a grim picture of how in the 20th century the public health infrastructure in the United States deteriorated from a formidable first-line defense against infectious disease to a struggling, under-funded, and under-appreciated appendage. Today’s concerns with bio-terrorism have the citizens and policy makers alike wondering if the U.S. is capable of dealing with deliberately induced outbreaks of infectious disease (The very public national fumbling following the postal-based anthrax attacks in October, 2001 suggests that we are not [Macintyre, 2001].). However, terrorism may not be the real biothreat. The global economy and worldwide air transportation network have created a closely-coupled system that probably made the recent outbreak of Severe Acute Respiratory Syndrome (SARS) inevitable. In the absence of a robust global public health infrastructure, the potential consequences are grim. As Garrett points out:

High-tech solutions, devices to “sniff out” nasty microbes in the air or detect them in the water supply are a technological solution to a public health threat. Were a biological attack to occur, or a naturally arising epidemic, the public would have only one viable direction in which to place its trust: with its local, national, and global public health infrastructure. If such an interlaced system did not exist at a time of grave need it would constitute an egregious betrayal of trust.

Klinenberg, in what he termed a “social autopsy,” describes the effects of excessive heat in Chicago in one week in July, 1995 that caused 739 deaths—more than Hurricane Andrew, the crash of T.W.A. Flight 800, the Oklahoma City bombing, and the Northridge, California, earthquake combined. He cites five, primarily institutional, factors that he believes contributed to the enormity of the disaster:

• Delegation of key health and support services to paramilitary (i.e., police and fire) organizations
• Lack of effective system for organizing and coordinating city, county, state, and federal agencies
• Lack of public will or ability to provide basic resources for those in need of support
• Expectation that urban residents will respond as “smart consumers” of public services
• The increasing role of public relations, as opposed to real response, in managing crises (Klinenberg, 2002)

By any definition, this was an extreme climatological event and breakdowns in the electrical and water distribution systems certainly contributed to its severity. However, the magnitude of its consequences, particularly among those disconnected from the social and economic mainstream, was clearly exacerbated by the failure of pubic institutions to protect those who needed them the most. Klinenberg attributes part of this breakdown to pressures to “make government operate more like a business.”

At a recent meeting of the Earthquake Engineering Research Institute, Petak made a strong case for the need for a holistic approach to implementing earthquake mitigation measures (Petak, 2003). He noted that mitigation technology has advanced considerably over the years but deployment had not kept pace, even in earthquake-prone California. He believes one of the principal reasons for the gap is that earthquake risk reduction is viewed by many as a technical problem with a technical solution. However, despite the value of technology, it requires institutions and people to implement a workable, socio-technical systems solution. Figure 1 illustrates how the elements of such a system work together. This has many parallels in how we approach the protection of our cities from future terrorist attacks.

Figure 1. A socio-technical system view for decision-making (Linstone, 1984).

Recently, Gale and Husick, likening the protection of critical infrastructure systems to the “commons” of the environmental movement—a vital asset shared by all but owned by none that is ultimately laid waste because it is in everyone’s individual best interest to take much while contributing little to its stewardship—have proposed a “Security Impact Statement” as a decision-making tool for societal investments in protecting the “commons” (Gale and Husick, 2003). Their proposal would allow for the comparison of a full range of options from purely technological to more balanced systems that rely on institutions as well. This type of assessment would be helpful in determining the true value, in terms of costs and benefits, of plans to protect assets individually versus broader strategies that might address multiple threats in many locations.

Unfortunately, we find ourselves in a time where former contexts of threat, vulnerability, and target have all changed and continue to do so. Threats are unpredictable and the full range of threats probably unknowable. Planning for security in this situation needs to be flexible and agile and capable of responding to new threats as they emerge. Protective technologies will play a key role in making our cities safer but only if deployed as part of a system that includes organizations and people. Technology is necessary but people need to be involved at critical points to avoid failing into a potentially fatal trap that “we’ve thought of everything.” The institutions, people, and resources necessary to complement protective technologies must be available when needed or the system will not function.

There are several issues that planners should consider as a high priority for the profession as homeland security comes to dominate the domestic agenda for the foreseeable future. If the profession is to have a role, it must become aware of the nature of the credible threats confronting us as well as how the technical capabilities of planners can be most useful in the struggle we must wage and win against terrorism. In that regard, the following areas should be considered priority challenges for the planning profession:

• Understand security issues given the increasing complexity of threats, vulnerability, and risk
• Clarify and define the problem of protecting urban areas (people, buildings, and infrastructure) and establish meaningful, achievable objectives
• Organize, empower, and fund the appropriate organizational entities
• Work with infrastructure stakeholders (owners, operators, public) on how best to address threats, vulnerabilities, and possible consequences
• Provide adequately trained professionals who understand the holistic nature of planning for security

In the wake of the terrorist attacks of September 11, 2001, there is widespread demand for enhanced security measures in the United States. Although the effects of terrorist bomb blasts on buildings and people are reasonably well understood, as are the effectiveness of various countermeasure strategies, planning for the security of our cities will require the active participation of all stakeholders. Decisions on protective strategies should be based on an objective risk management process tailored to the individual circumstances and the collective willingness and ability of the stakeholders to accept risk. This process should begin as early as possible in the planning stage and offers the planning profession a logical and vital role in domestic security.

Delmuth, J. 2002. Countering Terrorism: Lessons Learned From Natural And Technological Disasters. Washington, D.C.: National Academy Press.

Garrett, L. 2000. Betrayal of Trust: The Collapse of Global Public Health. New York, N.Y.: Hyperion Books.

Gale, S. and L. Husick. 2003. From MAD (Mutual Assured Destruction) to MUD (Multilateral Unconstrained Disruption): Dealing with the New Terrorism. Foreign Policy Research Institute. Washington, D.C.

Haimes, Y.Y. 2002. Risk of Terrorism to Cyber-physical and Organizational-societal Infrastructures. Public Works Management and Policy. 6(4):231-240.

Kaplan, S. and B.J. Garrick. 1981. On the Quantitative Assessment of Risk. Risk Analysis. 1(1):11-27.

Klinenberg, E. 2002. Heat Wave: A Social Autopsy of Disaster in Chicago. Chicago: The University of Chicago Press.

Linstone, H., 1984. Multiple Perspectives for Decision Making: Bridging the Gap Between Analysis and Action. New York, N.Y.:Elisevier-Science Publications.

Lipton, E. and J. Glanz. 2002. 9/11 Prompts New Caution in Skyscraper Design. The New York Times. September 9, 2002.

Little, R. G. 2002. A Probabilistic Approach for Protecting People and Buildings from Terrorist Attack and Other Hazards. Proceedings of the Conference on Protecting Structures Against Hazards. Singapore. C.I. Premiere.

Macintyre, A. 2001. “Chemical and Biological Weapons - Existing and Emerging Threats”, Presentation to the Seminar On Chemical And Biological Threats To Buildings, December 20, 2001. Federal Facilities Council, Washington, D.C.

MCEER (Multidisciplinary Center for Earthquake Engineering Research.). 2002. Proceedings of the Workshop on Lessons Learned from the World Trade Center Attack:

Management of Complex Civil Emergencies and Terrorism-Resistant Civil Engineering Design. Technical Report MCEER-02-SP08. Buffalo, N.Y.: Multidisciplinary Center for Earthquake Engineering Research.

Mlakar, P.F., D. Dusenberry, J.R. Harris, G. Haynes, L. Phan, and M. Sozen, 2003. The Pentagon Building Performance Report. Reston, Va. American Society of Civil Engineers.

NIST (National Institute of Standards and Technology). 1994.1994 Northridge Earthquake: Performance of Structures, Lifelines, and Fire Protection Systems. Gaithersburg, Md.: National Institute of Standards and Technology.

O’Rourke, T.D., A.J. Lembo, and L.K. Nozick. 2003. “Lessons Learned from the World Trade Center Disaster About Critical Utility Systems”, Impacts of and Human Responses to the September 11, 2001 Disasters: What Research Tells Us. Boulder, Colorado: Natural Hazards Research and Information Center.

Petak, W.J., 2003. Earthquake Mitigation Implementation: A Sociotechnical System Approach. 2003 Distinguished Lecture, 55th Annual Meeting of the Earthquake Engineering Research Institute. February 5-8, 2003. Portland, Or.

Rypkema, D. 2003. The Importance of Downtown in the 21st Century. Journal of the American Planning Association. 69(1):9-15.

Sevin, E. and R.G. Little, 1998. Mitigating Terrorist Hazards. The Bridge. 28(3):3-8.

Tierney, K. 2002. Overview: Conceptualizing and Measuring Resilience for Physical and Organizational Systems. Proceedings of the Workshop on Lessons Learned from the World Trade Center Attack: Management of Complex Civil Emergencies and Terrorism-Resistant Civil Engineering Design. Technical Report MCEER-02-SP08. Buffalo, N.Y.: Multidisciplinary Center for Earthquake Engineering Research.

Wallace, W.A. 2002. Disruptions in Interdependent Infrastructures: A Network Flows Approach. Proceedings of the Workshop on Lessons Learned from the World Trade Center Attack: Management of Complex Civil Emergencies and Terrorism-Resistant Civil Engineering Design. Technical Report MCEER-02-SP08. Buffalo, N.Y.: Multidisciplinary Center for Earthquake Engineering Research.

Zimmerman, R. 2002. Enhancing Resilience of Integrated Civil Infrastructure Systems. Proceedings of the Workshop on Lessons Learned from the World Trade Center Attack: Management of Complex Civil Emergencies and Terrorism-Resistant Civil Engineering Design. Technical Report MCEER-02-SP08. Buffalo, N.Y.: Multidisciplinary Center for Earthquake Engineering Research.

Parts of this paper were originally presented at the conference, “Protection of Structures Against Hazards,” November 14-15, 2002, in Singapore. The opinions stated in this paper are those of the author and do not necessarily reflect positions of the National Research Council.

Author and Copyright Information

Richard G. Little is Director of the Board on Infrastructure and the Constructed Environment of the National Research Council (NRC) where he develops and directs a program of studies in building and infrastructure research and maintains outreach and liaison with federal agencies, the legislative branch, and affiliated organizations. He has directed NRC study activities, participated in workshops and panels, and written several papers dealing with blast-effects mitigation and critical infrastructure protection. He served as the Study Director for the 1995 NRC report, Protecting Buildings from Bomb Damage and the 2001 report, Protecting People and Buildings from Terrorism: Technology Transfer for Blast-effects Mitigation and a just-completed review of the Interagency Security Committee (ISC) Security Criteria. Mr. Little has over thirty years experience in planning, management, and policy development relating to public facilities including fifteen years with local government. He has been certified by examination by the American Institute of Certified Planners and is a member of the Federal Planning Division of the American Planning Association. Mr. Little holds a B.S. in Geology and an M.S. in Urban-Environmental Studies, both from Rensselaer Polytechnic Institute.