5 myths about physical security and buildings, and the realities you need to know
Monday, 20 April, 2015
Even though we all agree that the threats on physical security have changed with technology, we don’t all concur on what we can or should do about it. In fact, many misconceptions about physical protection of buildings continue to abound.
As people who work in the business, we run into a number of misunderstandings every day. Let’s take a closer look at the top five myths about physical security and buildings, and the realities that you need to know.
Myth 1: There’s not much you can do to prevent attacks on buildings, receptions or your personnel. They are random. If it happens, it happens.
Reality: While you can never 100% eliminate the risk of attacks, you certainly can mitigate the risk and effects on both buildings and personnel.
In order to dispel of this first myth, we need to understand some key concepts and how they work together. Any serious physical security effort starts with a risk analysis as an integral part of the risk assessment process. The risk analysis comprises these steps:
- Threat assessment
This identifies who and what may constitute a threat to the facility in order to determine the threat level.
- Vulnerability analysis
Based on the threat assessment, our analysis of weaknesses in the facility determines the likely locations and methods of a potential attack.
- Consequence analysis
This describes the consequences of an attack on the facility in respect of the established threat level and vulnerability.
- Explosion consequence analysis (ECA)
For the ECA, we make use of explosives science and engineering to provide scientific documentation of the potential risk to individuals and property from blast effects and fragmentation.
- Structural vulnerability assessment (SVA)
Using documentation from the ECA, the SVA draws on our civil and structural engineering experience to predict specific effects on structures.
- Explosion consequence analysis (ECA)
Once we have a good risk analysis, we have a thorough understanding of what could go wrong. We can then choose the best ways to prevent attacks and minimize their effects if they do occur.
Myth 2: All you need to do to keep a building safe is have thick walls, a high fence and armed guards.
Reality: Physical security is a system, not just a collection of separate elements. So to get the most security for your budget, you have to think systematically.
First, let’s line up the parts: the types and layers of physical protection.
In terms of physical security, protection of a controlled area or building consists of three layers:
- Perimeter protection (e.g., bollards, road blockers, fences)
- Shell protection (e.g., doors, windows and wall reinforcement materials)
- Cell protection (e.g., wall reinforcement materials).
Similarly, physical protection that mitigates threat vulnerability and improves survivability within a controlled area consists of two main types:
- Physical measures: Biometric; and mechanical technology/systems (physical barriers); electronic (intrusion detection, video assessment and automated entry control systems)
- Organizational measures: Planning, coordinating and implementing communication and organizational procedures.
Then, let’s understand that the parts work together to create a whole. Changing one part of the security system can change the entire system. For example, if you increase the distance between the perimeter and the shell, the shell is easier to protect against ground explosives, and you might get more protection for your money. Similarly, although having armed guards patrolling a perimeter might be effective, it is also expensive and not necessarily suitable in a busy urban setting.
The trade-offs between layers and physical and organizational measures are many and complex. In our experience, intelligent, systematic planning improves physical security while also considering other important factors:
- Quality of life: Nobody wants to work in a dungeon even if it is safe. Aesthetics play an important role, and must be balanced against other priorities.
- Building phases: The earlier you start to plan for security, the easier it is to integrate intelligent, systematic solutions.
- Budget/resources: It’s all about getting “the most security for your money”. The better you are at systemic thinking and planning, the more risk you can efficiently mitigate – and maximize cost efficiency.
Remember, the process is dynamic and system parts change over time. Risks, threats and vulnerabilities all evolve; so must your physical protection planning.
Myth 3: You can’t make an old building more secure.
Reality: There are many ways to improve the security of existing buildings – even historic ones.
While it might seem easier to create state-of-the-art protective systems in a greenfield project, in fact many older buildings also need to be made more secure.
Often, the buildings that we most want to keep secure have enormous historic or cultural value – and still function as workplaces even though they are hundreds of years old. Just think of iconic structures such as the White House in Washington, D.C., or Westminster Palace in London.
Retrofitting existing buildings to make them more secure is not only possible; it is essential and happens every day. Technology and design have come together in capitals around the world to update the physical protection of historic government buildings as well as corporate and military facilities.
Myth 4: Making buildings more secure makes them look ugly and unapproachable.
Reality: It can, but it doesn’t have to.
This is one myth that’s hard to bust – for there are indeed many examples of physical protection that are just plain ugly. Just think of all those poorly designed perimeter protections that have popped up around buildings over the last 15 years; windows that look like they belong on prisons, not government ministries; lamps, cameras and other fixtures that were slapped on rather than designed to match otherwise beautiful buildings.
But things don’t have to be that way, and there are plenty of examples of form and function working nicely together in the service of better physical protection.
For example, where the average passerby might see only a lovely flowerbed, security pros and architects are able to recognize effective perimeter security. Blast-proof windows do not have to look any different than regular windows. And if you want to illuminate a dark area: well-designed lamps can spread just as many lumens as poorly designed lighting.
Remember, the earlier you get security consultants, architects and contractors on the same page, the easier it is to come up with aesthetic solutions.
Myth 5: If physical protection of buildings was so important, all governments would require it.
Reality: Governments in many countries already do require certain building types to pass stringent guidelines – and it’s just a question of time before we see relevant legislation passed in more countries.
In many countries, building codes for fire safety, energy efficiency and earthquake protection are standard practice. But what about legislation concerning physical protection from terrorism, crime and sabotage?
Since 9/11, the United States has unified standards for manmade hazards for Federal buildings, but no such guidelines in place for private sector buildings and installations. The United Kingdom, with a terror history that goes back to “the troubles” with the IRA, has long since put in place a set of structural design codes, and has a strong tradition of protecting buildings and public places against terrorism.
In most other countries, including Scandinavia, the situation is at best uneven.
Here in Denmark, where we have well-developed building codes for practically everything else; there is neither legislation nor any tradition for protecting buildings against terror attacks.
The situation was similar in Norway until the Breivik incident. Since 2011, however, many public buildings in Oslo and elsewhere have been retrofitted to better protect them against bomb blasts. And that’s not all. Windows have also been retrofitted and several reception areas have been rebuilt to protect employees from ballistic attacks and forced entry.
Perhaps it’s just human nature to react defensively only after the improbable has happened, rather than plan proactively against it? No doubt. But we believe the future will see more governments, companies and organizations asking hard questions about the physical protection of their people, buildings and critical infrastructure installations.