Setting the Standards for Security

When US Coast Guard personnel move to their new headquarters in 2010 on the grounds of the former St. Elizabeth’s hospital in Washington DC, they will enter a federally owned building with state-of-the-art security.
But even in its current leased space, the Coast Guard already has technologically advanced—and esthetic—security measures thanks to Wayne Truax, chief of security and safety for Coast Guard Headquarters Support Command.
The current 32-year-old headquarters, an undistinguished blocky building of leased space overlooking the Anacostia River at Buzzard Point, began upgrading its security even before Sept. 11, 2001. But in 2003, when the Coast Guard was integrated into the Department of Homeland Security (DHS), it began a security upgrade.
“The first thing we did was what we could do quickly and off-the-shelf—acquire pop-up barriers for vehicle control,” Truax recalled to HSToday. “We had none of that before. We put up two pop-up barriers to control access to sides of the building and the parking garages.”
Coast Guard security then acquired bollards, seeking out the toughest and most crash resistant structures available.
“We designed them ourselves and we used a nautical theme for them,” he said. “So when they are next to the marinas on both sides of us, it looks natural. They’re bollards with flat tops and heavy anchor chains in between. It’s a very common look and it blends. We wanted our security to be noticed without standing out and hitting you in the face.”
The subtle security measure blended in with its surroundings and garnered compliments from city officials who appreciated the fact that they weren’t too intrusive or disruptive.
From there, Truax oversaw some reconstruction of the building, particularly the main lobby, to facilitate additional security measures. The lobby was expanded and reshaped to accommodate sensory equipment and accommodate traffic at the building’s only entrance. Truax found it challenging to work with an older building but he received a great deal of support from the building’s owner, Tishman Speyer, a real estate firm headquartered in New York City,
“Our success here in Coast Guard headquarters really has been the result of a good working relationship with the city and the building’s owners for the common goal of securing Coast Guard headquarters. I couldn’t have gotten anywhere without the help of both of those groups. It was a collective effort. If a building owner doesn’t want to support you when you’re in a leased building that makes it hard.”
Truax also installed mirror-reflective blast film, which protected windows and surfaces from explosive attacks and also helped conserve energy by dropping the summer temperature within the building by about 10 degrees.
Landlord and tenant shared the cost of cosmetic changes that came as a result of the security changes. The result is an older leased building with modern security measures that Truax proudly presents as a model for other federal agencies.
The mother of all landlords
The US federal government is by any measure one of the world’s biggest landlords, if not the biggest. According to the General Services Administration (GSA), more than 1,600 government-owned buildings with more than 339 million square feet of workspace in more than 2,000 American communities house more than a million federal employees—and that’s just civilian properties.
Indeed, the government leases approximately 3.4 billion more square feet and, in addition to that, there are military and overseas facilities to consider.
And it’s all at risk.
Today, new security standards being implemented by the federal government are causing a revolution in the architecture and procedures in that vast array of facilities—and in those that will be built in the future.
The federal government’s wake-up call came not on Sept. 11, 2001, but on April 19, 1995, the day that homegrown terrorists bombed the Alfred P. Murrah Federal Building in Oklahoma City.
The destruction of the Murrah building and the death of 167 people, including 19 children, awakened federal officials to the need to protect their facilities from terrorist attack. On Oct. 19, 1995, President Bill Clinton issued Executive Order 12977, establishing the Interagency Security Committee (ISC) to handle the mission. In 2003, chairmanship of the committee was transferred to DHS.
The ISC committee comprises security experts fromabout 40 government agencies who devise the standards that protect federal buildings today. The committee completed a second version of standards for space owned by the federal government in September 2004 and published them last December, and then released standards for leased space in February 2005.
The standards were based on input from “security specialists, design professionals, engineers, architects and fire and safety specialists from member agencies,” including the 21 primary members—among them DHS, the Department of Defense, the Justice Department, the General Services Administration (GSA) and others, Dwight Williams, the DHS chief security officer, told a House Government Reform Committee hearing on July 27, 2005.
“The ISC security standards do not establish a single, one-size-fits-all standard for every leased federal facility,” Williams testified. “Our goal is to ensure that we have an effective program for securing leased space, utilizing a risk-management approach based on three primary factors recently articulated by the secretary as: threat, vulnerability and consequences.”
Engineering the best standards
The first document to set the government on the path of its facilities revolution was published by the Justice Department in 1995, just months after the Murrah Building bombing. That document, titled Vulnerability Assessment of Federal Facilities, set up definitions and metrics that are still the basis for federal building security measures today. (Although ISC standards are not available to the public, those interested can order Vulnerability Assessment of Federal Facilities from the Government Printing Office by following instructions available at http://www.usdoj.gov/opa/pr/Pre_96/July95/381.txt.html).
“Depending on the number of people that are in the building, the size of the space of that building and depending on some of the criticality of the mission, they went ahead and came up with some minimum standards that people can use in these areas to try to address the threats and build them in place,” Keith Hughes, ISCexecutive director, told HSToday.
“They hit things like: What’s the way in? Do you have a day-care center in there? Do you have public access into the building? How often does the public use the building? How many people do you have in there? Those types of things. The government does use that as the baseline of its minimum standards in reference to when they look at a building, they look at these general characteristics and determine a level and try to address it accordingly,” he added.
Hughes sat on the committee that helped the Justice Department craft Vulnerability Assessment of Federal Facilities, and he also became a member of the ISC as the security officer for the Social Security Administration. Today, he sits in the DHS Office of Security, where he provides day-to-day leadership for the committee.
GSA originally chaired the ISC committee, which set to work on setting strong physical security standards for federal facilities. The ISC finished its first Draft Security Criteria on Oct. 8, 1997, and a final version in 2001. The terrorist attacks on the Pentagon and the World Trade Center on 9/11 added urgency to the ISC’s work. Once DHS became the lead agency chairmanship was given to the DHS chief security officer on Feb. 7, 2003.
When DHS was established, it received the Federal Protective Service (FPS) from GSA. The secretary of Homeland Security delegated ISC responsibilities to FPS in January 2004.
On Sept. 29, 2004, the ISC issued the latest version of the ISC Security Design Criteria for New Federal Office Buildings and Major Modernization Projects, which established physical security requirements for the construction of new federal buildings and for the renovation of existing federal buildings.
The ISC standards are available to authorized personnel at http://www.oca.gsa.gov. The general public can only access some supporting documents at this site. The ISC Security Design Criteria must remain for official use only, Hughes warned, and only authorized federal employees and contractors can view them.
“That is the type of information that we don’t normally share in the open that anybody can get their hands on and determine some of the things that we are doing,” Hughes explained. “You don’t want to give them all of the keys. Part of a good security program is to put things in place, some that are very specific, but some that you can’t quite see at the surface. So if there would happen to be some type of attack, you have the best opportunity to resist that or identify it or maybe actually to stop it by having some of those things in place.”
The ISC has several subcommittees, but the main membership meets quarterly. The subcommittees may meet more often to tackle their individual responsibilities, which include things like building access, leased facilities, security designs and safe mail handling, he said.
“As the physical security community identifies areas that we need to address and try to get some further guidance, or if there has been some changes in technology and things, then we try to address them as best we can with some of these groups,” Hughes said.
Laying the foundation
Only now are the ISC standards being incorporated into federal building and leasing solicitations, Joseph Moravec, commissioner of GSA’s Public Buildings Service, told the July 27, 2005 House Government Reform Committee hearing. He predicted that the private sector would rise to meet the ISC standards, as the government incorporates the appropriate clauses into building and leasing contracts.
Moravec noted that the ISC requirements do not prevent a federal agency from taking initiative to provide a higher degree of security than required, depending on its mission. In addition, the ISC recognizes that some agencies may not be able to meet the prescribed minimum standards.
“The ISC recognizes that not all standards are achievable in all markets, and they allow for alternative risk mitigation strategies in the event that no market solution is available,” Moravec said. “Where standards are unobtainable, the standard becomes to achieve the best security solution available.”
The ideal requirements outlined in ISC Security Design Criteria for New Federal Office Buildings and Major Modernization Projects can apply only to buildings the federal government owns, according to Hughes. Sometimes, the government must lease space from commercial realtors for convenience or expedience and it is not always possible or affordable to implement the same standards in leased space. So, ISC released Security Standards in Leased Space in February 2005.
“It’s such a different perspective,” Hughes said. “You deal a lot more out in the civilian sectors. You’re in the inner city. These are not buildings that the government builds. So when you identify a building, you have to look at the type of people that are in the building, the areas of the building that the government might use and then you want to develop some standards that are more acceptable and flexible within that community so there are more guidelines in reference to doing that.”
The standards must address a variety of threats, based on a risk assessment of potential threats to an individual building. Then, the agency in that building must install the proper security measures, which could range from special glass protection film to appropriate training techniques for security personnel.
Analysis
When policymakers or pundits talk about security standards, they often refer to protecting against the dramatic threat of protecting a building from a truck bomb or other explosive devices.
But Hughes and Dennis O’Connor, chief of staff of the Federal Protective Service (FPS), told HSToday they agreed that, despite the attack on the Murrah Building or the explosive attacks of 9/11, blast protection alone is not the top priority of federal government security measures. In fact, both men identified ordinary criminal activity asa top concern.
“The biggest threats facing federal buildings are associated to plain old criminal activity,” O’Connor said. “All terrorists are criminals, but not all criminals are terrorists. FPS attempts to prevent or at least minimize the wide spectrum of criminal activity associated with property crimes and crimes against persons.”
Hughes reflected: “If you live in a gang area, you might have stray bullets that come flying over in some of the inner city offices because of those types of areas. In the case of that agency, you may need to be there to provide a service, and the government will always do that. So you would need to make an assessment and may put some kind of special glass protection or some type of protection in place in the perimeter to address that type of threat.”
These security professionals are aware of the stakes, however. O’Connor said that “vehicle-borne improvised explosive devices” produce the most devastating attacks on federal buildings. FPS actively shares information and participates in counter-terrorism task forces to stay on top of intelligence that would reveal a threat of that nature, he added.
And in so doing, the men and women of FPS reveal that carefully planned standards and expensive technological solutions may protect against attacks, but they do not prevent them. Prevention lies in the hands of highly trained security personnel, who know when to use the appropriate tools in the right situations.HST
________________________
ISC security levels
Interagency Security Committee (ISC) security standards are set by the number of employees and size of the facility to be protected. These specifications are divided into various levels that were originally defined by the Vulnerability Assessment of Federal Facilities report, published by the Justice Department in 1995. The full report can be ordered from the Government Printing Office, but the Federation of American Scientists has reprinted an appendix that describes the levels. It’s available at http://www.fas.org/ irp/gao/ggd-98-141-4.htm.

  • Level I security generally involves 10 or fewer employees and a maximum of 2,500 square feet of office space.
  • Level II covers 11 to 150 employees and 2,500 to 80,000 square feet.
  • Level III includes 151 to 450 employees and 80,000 to 150,000 square feet.
  • Level IV is more than 450 employees and 150,000 square feet of space.
  • Level V is much like level IV, but the missions of level V facilities are critical to national security.

Because Levels IV and V require complete control over all security aspects of the space by the federal government, along with dedicated heating, ventilating and air conditioning for key entrances, it poses significant challenges to real estate companies that might lease buildings to federal agencies:

  • Perimeter security
  • Entry security
  • Interior security
  • Administrative procedures
  • Blast setback standards/li>

Blast setback standards are the most difficult to meet, but are foremost in the minds of many experts.
________________________
ISC snapshot: Security from the ground up
In October 2005, the Atlanta office of Opus South Corp. broke ground on a new Social Security Administration Center in Birmingham, Ala. The ISC guidelines were on the minds of Opus architects and engineers the very first day they contemplated bidding for the project, Tom Olmstead, national director of government programs for The Opus Group, told HSToday.
“Working amongst our team until we are selected, then bringing in the government very quickly to get a keen understanding of what its real expectations are, allows us to incorporate the various ISC requirements,” Olmstead told HSToday. “Some of them are just common sense — the way you align the building or where you put the parking versus where you might put it otherwise — that really don’t add any cost or anything else like that. It’s just the going-in philosophy might be a little bit different than a commercial building.”
The Opus Group, the parent company of the Opus South Corp., was building or developing about 3.5 million square feet of space for the federal government as of August 2005. The company is tackling projects for the Environmental Protection Agency, the US Army and the departments of Interior, Transportation and Veterans Affairs, in addition to the Social Security Administration.
Opus entered the government construction market about three years ago, and in order to gain a thorough understanding of the ISC building requirements, hired Hinman Consulting Engineers, headquartered in San Francisco. Hollice Stone, the military facilities lead engineer at Hinman, told HSToday that the ISC homeland security requirements take into account the public nature of government facilities.
“You can’t just build fortresses that nobody is allowed to enter, because although that is very safe for the people that work there, it doesn’t really make a lot of sense when you think of the function that these structures have to have,” Stone said. “It also takes into account that a lot of our government buildings are in an urban environment. You can’t just drop them in the middle of a field, keep everybody 300 or 400 feet away, and be done with your protection.”
The ISC guidelines prescribe layers of defense that would block terrorist acts, such as an explosion, Stone explained. The committee examined the characteristics of explosions and identified common injury patterns and typical structural failures in buildings, she added.
So the first layer of defense in the committee’s guidelines involves keeping terrorists as far away from the building as possible. In urban areas full of federal buildings, like Washington, DC, the result of this requirement has been an endless number of jersey barriers designed to keep explosions distant from potential targets. With new construction, such as the Birmingham Social Security Administration building, firms like Opus have figured out ways to build in perimeter barriers using much more attractive and less obvious methods.
“It’s more attractive than having a big fence around the building to protect it, or a line of bright-yellow bollards running down the street, saying, ‘Guess what? I’m a government building,’” Olmstead said. “We can put in knee walls or we can put in a fountain or something like that that stops a vehicle from penetrating that outside perimeter. It’s much more attractive and it kind of camouflages the building as being a government building versus any other commercial building on the street.”
The second layer of defense prescribed by the ISC focuses on the façade of the building, Stone said.
“A building façade can either protect people or harm people,” she said. “It can protect people by being designed in such a manner that the more prevalent failure modes and the more prevalent injury modes that people have seen in previous explosions are prevented.”
Today, government buildings often use blast-mitigation glass films to stop the shattering of windows into harmful shards in the case of an explosive attack, Stone said. Thus, the ISC guidelines reduce the number of potential injuries among building occupants by decreasing the danger of glass shards.
Finally, the building materials used within the structure itself constitute a layer of defense. The sturdier the construction materials, the more difficult it is for terrorists to penetrate a building, Stone noted.
Materials such as Kevlar from DuPont can fortify the structure of buildings, according to the company, while fire-resistant DuPont Nomex can limit fire damage.
________________________
ISC snapshot: Steps to meeting the standards
Meeting the ISC standards requires a methodical, systematic approach to facility protection. One company offering such a process is Executive Protection Systems, a provider of emergency preparednesssolutions, protective equipment and training based in Winchester, Va.
“We want to first gauge what is your philosophy, what is your budget and what is your goal? That’s even before a vulnerability assessment,” Michael Guevremont, chief executive officer, told HSToday. “Some people want to do security and they want to protect their building, and they have no budget or limited budget.”
Once security officers have determined their limitations, they can conduct a vulnerability assessment or hire specialists to help them conduct it. That requires making best use of intelligence to figure out the likely threats and the resources available for defense. Additionally, government agencies and businesses alike must recognize that an institution in the immediate vicinity may also be a threat.
“Anybody who cares about security at their firm should know what the threats are or perceived threats in proximity to their facility,” Guevremont said. “A lot of businesses feel that they are not a target and say, ‘Nobody cares about us because we’re so small. It doesn’t matter. Nobody is going to be out to bomb us.’ You can’t always look at it like that. You have to be a little bit more open-minded and look out your window. Maybe right across the street is the Treasury building. I’m sure that’s a target. An event there affects you.”
The security zone also extends to nearby buildings, as demonstrated by the attacks of Sept. 11, 2001, when the entire World Trade Center complex and the surrounding district was affected by the attacks on the Twin Towers.
While 9/11 may have raised government and industry awareness of the need for greater public facility protection, today first responders and security planners are fearful of a new threat: improvised explosive devices (IEDs).
“Now it’s looking at other things globally,” Guevremont pointed out. “It’s looking at London. It’s looking at Iraq and Israel, the things that terrorists are capable of doing on a lesser than grand scale. It’s driving a car into something and having it explode. It’s having a person walk into a market and blowing themselves up. That’s real.”
To help government managers tackle the challenges of public facility protection, Executive Protection Systems formed a partnership with Smiths Detection Inc., which has its US headquarters in Pine Brook, NJ. Executive Protection Systems holds seminars for federal, state and local officials, and the two companies have built a training center of excellence in Winchester to display their products.
Guevremont warned, however, that installing a lot of technology doesn’t solve all of an organization’s antiterrorism problems.
“You can have all of this gear, but if you’re not paying attention and if the security guards are not trained to pay attention on what to identify, then all of the equipment in the world doesn’t help you,” he said.
________________________
ISC snapshot: SAFETY considerations
In an effort to promote facility protection, DHS has considered facility protection technology for coverage under the SAFETY (Support Anti-Terrorism by Fostering Effective Technologies) Act of November 2002. The SAFETY Act, administered by the department’s Science and Technology Directorate, protects manufacturers of antiterrorism technologies from liability if their products or technologies fail.
One example of use of the SAFETY Act for public facility protection came a year ago, when Lockheed Martin Corp., based in Bethesda, Md., won SAFETY Act protection for its MetroGuard system. MetroGuard networks a sensor array to provide warning of the presence of chemical, biological, radiological or nuclear (CBRN) agents through remote detection units.
“MetroGuard is as much a concept as it is a particular item. It was based on work that Lockheed Martin had done for the military in the mid-90s for developing a large area networked array of sensors to monitor for chem-bio clouds,” Richard Read, Lockheed Martin’s senior manager for CBRN business development, told HSToday.
Because Lockheed Martin took a broad view of public facilities, including venues that are much more complex than buildings with easily identified entry points, Lockheed Martin identified two different modes of operation for MetroGuard, Read said.
In the first, the system monitored perimeters and provided early warning of threats, which is particularly useful for large public sites, such as convention centers, sports arenas and port facilities. In these cases, the threat could come from off-site release of an agent to attack a facility that has a great deal of open access.
In the second application, security personnel can adjust the MetroGuard sensor array to include indoor monitoring. Operating in this mode, MetroGuard is suited for airport terminals, mass-transit facilities, tunnels and public facilities, Read said.
But like other technology executives, Read warned that security relies on much more than just technology. “What is your threat?” he asked. “What is the potential risk that you see, and how do you go about, in a cost-effective way, hardening that target to the point that it is not attractive as a potential target to a terrorist? Systems like MetroGuard take us steps in that direction to start making some of our softer targets less appealing to terrorists.”
_______________________
The Federal Protective Service
The 10,000 security officers of the Federal Protective Service (FPS) must provide security services to more than a million tenants in federally owned and leased facilities throughout the United States.
Dennis O’Connor, FPS chief of staff, told HSToday that his agency’s responsibilities have been growing since it became a part of the bureau of Immigration and Customs Enforcement (ICE) at DHS. The assistant secretary of ICE authorized FPS to secure all federal facilities, not just those owned or occupied by GSA under its original mandate, on June 6, 2003.
“FPS believes the intent of the Homeland Security Act envisioned a truly government-wide security and law enforcement mission for DHS,” O’Connor said. “FPS has proposed that both programmatically and budgetarily, and those discussions are ongoing.”
FPS is still funded by security fees collected from GSA tenant agencies, so other agencies must reimburse FPS for security and law enforcement activities that occur in collaboration with other agencies, O’Connor noted. Under this situation, FPS has increased the number of its bomb-sniffing dog teams nationwide, implemented a weapons of mass destruction and hazardous material response capability in major American cities, deployed mobile command centers and expanded its intelligence sharing capabilities to provide information to DHS and other local, state and federal law enforcement agencies.
“As a result of these mission capability enhancements, FPS’ profile within the law enforcement community has greatly improved,” O’Connor said. “It’s now viewed as a full partner within federal law enforcement circles at all levels.”
Those partnerships mean that FPS relies on much more than the ISC standards to fulfill its mission. FPS is a member of the ISC and works on standards within the committee, but bases its security recommendations on a wide range of security expertise to address security issues that do not fall under the purview of the ISC or have not yet been addressed by the ISC.

(Visited 44 times, 1 visits today)

The Government Technology & Services Coalition's Homeland Security Today (HSToday) is the premier news and information resource for the homeland security community, dedicated to elevating the discussions and insights that can support a safe and secure nation. A non-profit magazine and media platform, HSToday provides readers with the whole story, placing facts and comments in context to inform debate and drive realistic solutions to some of the nation’s most vexing security challenges.

Leave a Reply