Cover

Graphic: Illustration of cityscape overlaid with photos of buildings damaged 
by terrorist attacks.

Risk Management Series

Risk Assessment
A How-To Guide to Mitigate
Potential Terrorist Attacks Against Buildings
Providing Protection to People and Buildings



Title Page

Risk Management Series

Risk Assessment
A How-To Guide to Mitigate
Potential Terrorist Attacks Against Buildings
Providing Protection to People and Buildings

Any opinions, findings, conclusions, or recommendations expressed in this 
publication do not necessarily reflect the views of FEMA. Additionally, neither 
FEMA or any of its employees makes any warrantee, expressed or implied, or 
assumes any legal liability or responsibility for the accuracy, completeness, or 
usefulness of any information, product, or process included in this publication. 
Users of information from this publication assume all liability arising from 
such use.



Forward and Acknowledgments

BACKGROUND
The Federal Emergency Management Agency (FEMA) developed this Risk Assessment, A 
How-To Guide to Mitigate Potential Terrorist Attacks Against Buildings, to 
provide a clear, flexible, and comprehensive methodology to prepare a risk 
assessment. The intended audience includes the building sciences community of 
architects and engineers working for private institutions, building 
owners/operators/managers, and State and local government officials working in 
the building sciences community.
 

OBJECTIVE AND SCOPE
The objective of this How-To Guide is to outline methods for identifying the 
critical assets and functions within buildings, determining the threats to those 
assets, and assessing the vulnerabilities associated with those threats. Based 
on those considerations, the methods presented in this How-To Guide provide a 
means to assess the risk to the assets and to make risk-based decisions on how 
to mitigate those risks. The scope of the methods includes reducing physical 
damage to structural and non-structural components of buildings and related 
infrastructure, and reducing resultant casualties during conventional bomb 
attacks, as well as chemical, biological, and radiological (CBR) agents. This 
document is written as a How-To Guide. It presents five steps and multiple tasks 
within each step that will lead you through a process for conducting a risk 
assessment and selecting mitigation options. It discusses what information is 
required to conduct a risk assessment, how and where to obtain it, and how to 
use it to calculate a risk score against each selected threat. 

This is one of a series of publications that address security issues in high-
population, private sector buildings. This document is a companion to the 
Reference Manual to Mitigate Potential Terrorist Attacks Against Buildings (FEMA 
426) and the Building Design for Homeland Security Training Course (FEMA E155). 
This document also leverages information contained within the Primer for Design 
of Commercial Buildings to Mitigate Terrorist Attacks (FEMA 427). 

The primary use of this risk assessment methodology is for buildings, although 
it could be adapted for other types of critical infrastructure.
The foundation of the risk assessment methodology presented in this document is 
based on the approach that was developed for the Department of Veterans Affairs 
(VA) through the National Institute for Building Sciences (NIBS). Over 150 
buildings have been successfully assessed using this technique. The risk 
assessment methodology presented in this publication has been refined by FEMA 
for this audience. 

The purpose of this How-To Guide is to provide a methodology for risk assessment 
to the building sciences community working for private institutions. It is up to 
the decision-makers to decide which types of threats they wish to protect 
against and which mitigation options are feasible and cost-effective. 

This How-To Guide views as critical that a team created to assess a particular 
building will be composed of professionals capable of evaluating different parts 
of the building. They should be senior individuals who have a breadth and depth 
of experience in the areas of civil, electrical, and mechanical engineering; 
architecture; site planning and security engineering; and how security and 
antiterrorism considerations affect site and building design. 

The information contained in this document is:
--not mandatory
--not applicable to all buildings
--not applicable when it interferes with other hazards such as fire


ORGANIZATION AND CONTENT
In order to create a safe environment, many factors must be considered. Figure 1 
depicts the risk assessment process presented in this document to help identify 
the best and most cost-effective terrorism mitigation measures for a building’s 
own unique security needs. The first step is to conduct a threat assessment 
wherein the threat or hazard is identified, defined, and quantified (Step 1). 
For terrorism, the threat is the aggressors (people or groups) that are known to 
exist and that have the capability and a history of using hostile actions, or 
that have expressed intentions for using hostile actions against potential 
targets as well as on whom there is current credible information on targeting 
activity (surveillance of potential targets) or indications of preparation for 
terrorist acts. The capabilities and histories of the aggressors include the 
tactics they have used to achieve their ends. The next step of the assessment 
process is to identify the value of a building’s assets that need to be 
protected (Step 2). 

Figure 1: Risk assessment process model. Graphic showing a flow chart.
Step 1: Threat identification and rating
Step 2: Asset Value Assessment
--perform a Cost Analysis by analyzing how mitigation options affect asset 
criticality and ultimately risk
Step 3: Vulnerability Assessment 
--perform a Benefit Analysis to analyze how mitigation options change 
vulnerability and ultimately risk
Step 4: Risk Assessment
Step 5: Consider Mitigation Options
(final step): Risk Management Decision

After conducting a asset value assessment, the next step is to conduct a 
vulnerability assessment (Step 3). A vulnerability assessment evaluates the 
potential vulnerability of the critical assets against a broad range of 
identified threats/hazards. In and of itself, the vulnerability assessment 
provides a basis for determining mitigation measures for protection of the 
critical assets. The vulnerability assessment is the bridge in the methodology 
between threat/hazard, asset value, and the resultant level of risk.

The next step of the process is the risk assessment (Step 4). The risk 
assessment analyzes the threat, asset value, and vulnerability to ascertain the 
level of risk for each critical asset against each applicable threat. Inherent 
in this is the likelihood or probability of the threat occurring and the 
consequences of the occurrence. Thus, a very high likelihood of occurrence with 
very small consequences may require simple low cost mitigation measures, but a 
very low likelihood of occurrence with very grave consequences may require more 
costly and complex mitigation measures. The risk assessment should provide a 
relative risk profile. High-risk combinations of assets against associated 
threats, with the identified vulnerability, allow prioritization of resources to 
implement mitigation measures.

The final step (Step 5) is to consider mitigation options that are directly 
associated with, and responsive to, the major risks identified during Step 4. 
From Step 5, decisions can be made as to where to minimize the risks and how to 
accomplish that over time. This is commonly referred to as Risk Management. 

A number of worksheets are utilized in this How-To Guide. They can be used to 
apply key concepts described in this document and are presented at the end of 
each Step. 

A core element of this How-To Guide is the Building Vulnerability Assessment 
Checklist included in Appendix A. The Checklist can be used to collect and 
report information related to the building infrastructure. It compiles many best 
practices based on technologies and scientific research to consider during the 
design of a new building or renovation of an existing building. It allows a 
consistent security evaluation of designs at various levels. 

A Risk Assessment Database accompanies this publication in the form of computer 
software. The purpose of this database is for a user to collect and organize 
risk scoring, building vulnerability data, and mitigation measures for multiple 
buildings. More information can be found throughout this publication and in 
Appendix B. 

The Building Vulnerability Assessment Checklist and the Risk Assessment Database 
were developed for the Department of Veterans Affairs with assistance from the 
National Institute for Building Sciences.


ACKNOWLEDGMENTS
Principal Authors:
Milagros Nanita Kennett, FEMA, Project Officer, Risk Management Series 
Publications    
Eric Letvin, URS, Project Manager
Michael Chipley, PBSJ
Terrance Ryan, UTD, Inc. 

Contributors: 
Lloyd Siegel, Department of Veterans Affairs
Marcelle Habibion, Department of Veterans Affairs
Kurt Knight, Department of Veterans Affairs
Eve Hinman, Hinman Consulting Engineering
Sarah Steerman, UTD, Inc.
Deb Daly, Greenhorne & O’Mara, Inc.
Julie Liptak, Greenhorne & O’Mara, Inc.
Wanda Rizer, Consultant

Project Advisory Panel:
Elizabeth Miller, National Capital Planning Commission
Doug Hall, Smithsonian Institution
Wade Belcher, General Service Administration
Michael Gressel, CDC/NIOSH
Kenneth Mead, CDC/NIOSH
Robert Chapman, NIST
Lawrence Skelly, Department of Homeland Security
Curt Betts, U.S. Army Corps of Engineers
Earle Kennett, National Institute for Building Sciences
Frederick Krimgold, Virginia Tech
David Hattis, Building Technology, Inc.
Ettore Contestabile, Canadian Explosives Research Laboratory

This How-To Guide was prepared under contract to FEMA. It will be revised 
periodically, and comments and feedback to improve future editions are welcome. 
Please send comments and feedback by e-mail to riskmanagementseriespubs@dhs.gov.



Table of Contents

Foreword and Acknowledgments	i

Step 1:	Threat Identification and Rating	1-1
Task 1.1	Identifying the Threats	1-1
Task 1.2	Collecting Information	1-16
Task 1.3	Determining the Design Basis Threat	1-18
Task 1.4	Determining the Threat Rating	1-24

Step 2:	Asset Value Assessment	2-1
Task 2.1	Identifying the Layers of Defense	2-2
Task 2.2	Identifying the Critical Assets	2-6
Task 2.3	Identifying the Building Core Functions and                         
Infrastructure	 2-17
Task 2.4	Determining the Asset Value Rating	2-23

Step 3:   	Vulnerability Assessment	3-1
Task 3.1	Organizing Resources to Prepare the Assessment	3-2
Task 3.2	Evaluating the Site and Building		3-6
Task 3.3	Preparing a Vulnerability Portfolio	3-11
Task 3.4	Determining the Vulnerability Rating	3-14 

Step 4:	Risk Assessment	4-1
Task 4.1	Preparing the Risk Assessment Matrices	4-2
Task 4.2	Determining the Risk Ratings	4-7
Task 4.3	Prioritizing Observations in the Building Vulnerability Assessment 
Checklist 	4-10

Step 5:	Consider Mitigation Options	5-1
Task 5.1	Identifying Preliminary Mitigation Options	5-2
Task 5.2	Reviewing Mitigation Options	5-6
Task 5.3	Estimating Cost	5-9
Task 5.4	Mitigation, Cost, and the Layers of Defense	5-13

Appendix A	Building Vulnerability Assessment Checklist

Appendix B1	Risk Management Database:  Assessor's User Guide

Appendix B2	Risk Management Database:  Database Administrator's User Guide

Appendix B3	Risk Management Database: Manager's User Guide

Appendix C	Acronyms and Abbreviations


Figures

Foreword and Acknowledgments
Figure 1  Risk assessment process model	iii

Chapter 1
Figure 1-1  Steps and tasks	1-1
Figure 1-2  Total international attacks by region, 1998-2003	1-3
Figure 1-3  Explosive environments - blast range to effect	1-4
Figure 1-4  Incident overpressure as a function of stand-off               
distance	1-6
Figure 1-5  Total facilities affected by international terrorism and weapons of 
choice, 1998-2003	1-16

Chapter 2
Figure 2-1  Steps and tasks	2-1
Figure 2-2  Layers of defense	2-3
Figure 2-3  Layers of defense in urban setting	2-5
Figure 2-4  Layers of defense when a particular building is considered a 
critical asset	2-5
Figure 2-5  Potential blast effects – 200-lb car bomb	2-7
Figure 2-6  Potential blast effects – 11,000-lb truck bomb	2-7
Figure 2-7  Using HAZUS-MH to identify the criticality of assets	2-8

Chapter 3
Figure 3-1  Steps and tasks	3-1
Figure 3-2  Common system vulnerabilities	3-15

Chapter 4
Figure 4-1  Steps and tasks	4-1

Chapter 5
Figure 5-1  Steps and tasks	5-1
Figure 5-2  Cost considerations	5-10
Figure 5-3  Mitigation options for the second layer of defense	5-14
Figure 5-4  Mitigation options for the third layer of defense	5-15


Tables

Chapter 1
Table 1-1  Explosive Evacuation Distance	1-5
Table 1-2  Critical Biological Agent Categories	1-11
Table 1-3  Event Profiles	1-13
Table 1-4  Criteria to Select Primary Threats	1-21
Table 1-5  Nominal Example to Select Primary Threats for a Specific Urban Multi-
story Building	1-22
Table 1-6  Threat Rating	1-25
Table 1-7A  Nominal Example of Threat Rating for an Urban Multi-story Building 
(Building Function)	1-26
Table 1-7B  Nominal Example of Threat Rating for an Urban Multi-story Building 
(Building Infrastructure)	1-26

Chapter 2
Table 2-1  Correlation of the Layers of Defense Against Threats	2-12
Table 2-2  Building Core Functions	2-18
Table 2-3  Building Core Infrastructure	2-20
Table 2-4  Levels of Protection and Recommended Security Measures	2-21
Table 2-5  Asset Value Scale	2-23
Table 2-6A  Nominal Example of Asset Value Rating for an Urban Multi-story 
Building (Building Function)	 2-24
Table 2-6B  Nominal Example of Asset Value Rating for an Urban Multi-story 
Building (Building Infrastructure)	2-24

Chapter 3
Table 3-1  Screening Phase	3-4
Table 3-2  Full On-site Evaluation	3-5
Table 3-3  Detailed Evaluation	3-5
Table 3-4  Vulnerability Rating	3-16
Table 3-5A  Nominal Example of Vulnerability Rating for a Specific Multi-story 
Building (Building Function)	3-17
Table 3-5B  Nominal Example of Vulnerability Rating for a Specific Multi-story 
Building (Building Infrastructure)	3-17

Chapter 4
Table 4-1  Critical Functions Asset Value 	4-4
Table 4-2  Critical Infrastructure Asset Value	4-4
Table 4-3  Critical Functions Threat Rating	4-5
Table 4-4  Critical Infrastructure Threat Rating	4-5
Table 4-5  Critical Functions Vulnerability Rating	4-6
Table 4-6  Critical Infrastructure Vulnerability Rating	4-7
Table 4-7  Total Risk Scale Color Code	4-8
Table 4-8  Site Functional Pre-Assessment Screening Matrix 	4-8
Table 4-9  Site Infrastructure Pre-Assessment Screening Matrix	4-9
Table 4-10  Nominal Example of Observations in the Building Vulnerability 
Assessment Checklist	4-10



Step 1: Threat Identification and Rating

Overview
The first step in the assessment process is to help you to identify threats that 
are a priority concern in your area and that may pose a risk to your assets (see 
Figure 1-1). The threat identification and rating process involves the following 
tasks: 
--Identifying the threats 
--Collecting information 
--Determining the design basis threat
--Determining the threat rating


Figure 1-1: Flowchart: Steps and tasks
Step 1: Threat Identification and Rating
Tasks:
1.1	Identifying the threats 
1.2	Collecting information
1.3 	Determining the design basis threat
1.4	Determining the threat rating
Step 2: Asset Value Assessment
Step 3: Vulnerability Assessment
Step 4: Risk Assessment
Step 5: Consider Mitigation Options

Identifying the Threats (Task 1.1)
For this document, threat is defined as any indication, circumstance, or event 
with the potential to cause loss of, or damage to an asset. Within the military 
services, the intelligence community, and law enforcement, the term “threat” is 
typically used to describe the design criteria for terrorism or manmade 
disasters. The Federal Emergency Management Agency (FEMA) and other civil 
agencies use the term “hazard” in several different contexts. “Natural hazard” 
typically refers to a natural event such as a flood, wind, or seismic disaster. 
“Human-caused (or manmade) hazards” are “technological hazards” and “terrorism” 
and are distinct from natural hazards primarily in that they originate from 
human activity. “Technological hazards” (i.e., a HazMat leak from a railcar) are 
generally assumed to be accidental and that their consequences are unintended. 
(Note that protection against technological hazards can also serve for the 
protection against terrorist attacks.) “Terrorism” is considered an unlawful act 
of force and violence against persons or property to intimidate or coerce a 
government, the civilian population, or any segment thereof, in furtherance of 
political or social objectives.

In this guide, only manmade terrorist threats will be used in the critical 
functions and infrastructure matrices. The importance of technological hazards 
is that they can become a threat if they are targets of malicious attacks. 

Identifying the threats can be a difficult task. Because manmade hazards are 
different from other hazards such as earthquakes, floods, and hurricanes, they 
are difficult to predict. Many years of historical and quantitative data, and 
probabilities associated with the cycle, duration, and magnitude of natural 
hazards exist. The fact that data for manmade hazards are scarce and that the 
magnitude and recurrence of terrorist attacks are almost unpredictable makes the 
determination of a particular threat for any particular site or building 
difficult and largely subjective. 

With any terrorist threats, it is important to understand who the people are 
with the intent to cause harm. The aggressors seek publicity for their cause, 
monetary gain (in some instances), or political gain through their actions. 
These actions include injuring or killing people; destroying or damaging 
facilities, property, equipment, or resources; or stealing equipment, material, 
or information. In some cases, the threat may originate from more than one 
group, with differing methods and motives.

Aggressor tactics run the gamut: moving vehicle bombs; stationary vehicle bombs; 
bombs delivered by persons (suicide bombers); exterior attacks (thrown objects 
like rocks, Molotov cocktails, hand grenades, or hand-placed bombs); attack 
weapons (rocket propelled grenades, light antitank weapons, etc.); ballistic 
attacks (small arms handled by one individual); covert entries (gaining entry by 
false credentials or circumventing security with or without weapons); mail bombs 
(delivered to individuals); supply bombs (larger bombs processed through 
shipping departments); airborne contamination (chemical, biological, or 
radiological [CBR] agents used to contaminate the air supply of a building); and 
waterborne contamination (CBR agents injected into the water supply). 

Domestic terrorism refers to activities that involve acts dangerous to human 
life that are a violation of the criminal laws of the United States or of any 
state; appear to be intended to intimidate or coerce a civilian population; to 
influence the policy of a government by mass destruction, assassination, or 
kidnapping; and occur primarily within the territorial jurisdiction of the 
United States.
 
International terrorism involves violent acts or acts dangerous to human life 
that are a violation of the criminal laws of the United States or any state, or 
that would be a criminal violation if committed within the jurisdiction of the 
United States or any state. These acts appear to be intended to intimidate or 
coerce a civilian population; influence the policy of a government by 
intimidation or coercion; affect the conduct of a government by mass 
destruction, assassination or kidnapping; and occur primarily outside the 
territorial jurisdiction of the United States or transcend national boundaries 
in terms of the means by which they are accomplished, the persons they appear 
intended to intimidate or coerce, or the locale in which their perpetrators 
operate or seek asylum. Totals for international terrorism in 1998-2003 are 
shown by regions in Figure 1-2.

Figure 1-2: Graph: Total international attacks by region, 1998 to 2003. Bar graph 
showing the number of attacks over the years for five categories: Africa, Asia, Eurasia, Latin America, Middle East, North America, and Western Europe. The greatest number of attacks is in the Latin America category.


Explosive Blast Weapons
Two parameters are used to define the explosive blast design threat: the weapon 
size, measured in equivalent pounds of trinitrotoluene (TNT), and the stand-off. 
The stand-off is the distance measured from the center of gravity of the charge 
to the component of interest.

Figures 1-3, 1-4, and Table 1-1 illustrate these principles. Figure 1-3 shows an 
example of a blast range-to-effect chart that indicates the distance or stand-
off to which a given size bomb will produce a given effect. Table 1-1 is a quick 
reference chart that provides recommended evacuation distances for a given 
explosive weight. Figure 1-4 provides a quick method for predicting the expected 
overpressure (expressed in pounds per square inch or psi) on a building for a 
specific explosive weight and stand-off distance. For additional information on 
overpressure and blast effects, see FEMA 426 and 427.

Figure 1-3: Graph: Explosive environments - blast range to effect. Key concerns are 
glass shards and structural collapse. Graph shows the increase in Minimum 
Stand-off (in feet) versus the Weapon Yield (in pounds of TNT), for a 
bomb in a piece of luggage, an automobile, a van, and a truck. 

Table 1-1: Explosive Evacuation Distance

Threat Description: Pipe Bomb
Explosive Mass (TNT Equivalent) (Based on the maximum amount of material that 
could reasonably fit into a container or vehicle. Variations are possible.): 5 
lbs, 2.3 kg	
Building Evacuation Distance (governed by the ability of an unreinforced 
building to withstand severe damage or collapse): 70 ft, 21 m	
Outdoor Evacuation Distance (Governed by the greater of fragment throw distance 
or glass breakage/falling glass hazard distance. These distances can be reduced 
for personnel wearing ballistic protection. Note that the pipe bomb, suicide 
belt/vest, and briefcase/suitcase bomb are assumed to have a fragmentation 
characteristic that requires greater stand-off distances than an equal amount of 
explosives in a vehicle.): 850 ft, 259 m

Threat Description: Suicide Belt
Explosive Mass: 10 lbs, 4.5 kg	
Building Evacuation Distance: 90 ft, 27 m	
Outdoor Evacuation Distance: 1,080 ft, 330 m

Threat Description: Suicide Vest
Explosive Mass: 20 lbs ,9 kg	
Building Evacuation Distance: 110 ft, 34 m	
Outdoor Evacuation Distance: 1,360 ft, 415 m

Threat Description: Briefcase/Suitcase Bomb
Explosive Mass: 50 lbs, 23 kg	
Building Evacuation Distance: 150 ft, 46 m	
Outdoor Evacuation Distance: 1,850 ft, 564 m

Threat Description: Compact Sedan
Explosive Mass: 500 lbs, 227 kg	
Building Evacuation Distance: 320 ft, 98 m
Outdoor Evacuation Distance: 1,500 ft, 457 m

Threat Description: Sedan
Explosive Mass: 1,000 lbs, 454 kg
Building Evacuation Distance: 400 ft, 122 m
Outdoor Evacuation Distance: 1,750 ft, 534 m

Threat Description: Passenger/Cargo Van
Explosive Mass: 4,000 lbs, 1,814 kg
Building Evacuation Distance: 640 ft, 195 m
Outdoor Evacuation Distance: 2,750 ft, 838 m

Threat Description: Small Moving Van/Delivery Truck
Explosive Mass: 10,000 lbs, 4,536 kg
Building Evacuation Distance: 860 ft, 263 m
Outdoor Evacuation Distance: 3,750 ft, 1,143 m

Threat Description: Moving Van/Water Truck
Explosive Mass: 30,000 lbs, 13,608 kg
Building Evacuation Distance: 1,240 ft, 375 m
Outdoor Evacuation Distance: 6,500 ft, 1,982 m

Threat Description: Semitrailer
Explosive Mass: 60,000 lbs, 27,216 kg
Building Evacuation Distance: 1,570 ft, 475 m
Outdoor Evacuation Distance: 7,000 ft, 2,134 m

Figure 1-4: Graph: Incident overpressure as a function of stand-off distance.
Graph shows the increase in Stand-Off Distance (in feet) versus Net Explosive 
Weight (in pounds of TNT), for a bomb in an automobile, a van 
and a truck.

To put the weapon size into perspective, it should be noted that thousands of 
deliberate explosions occur every year within the United States, but the vast 
majority of them have weapon yields of less than 5 pounds. The number of large-
scale vehicle weapon attacks that have used hundreds of pounds of TNT during the 
past 20 years is, by comparison, very small. In general, the largest credible 
explosive size is a function of the security measures in place. Each line of 
security may be thought of as a sieve, reducing the size of the weapon that may 
gain access. Therefore, the largest weapons are considered in totally unsecured 
public spaces (e.g., in a vehicle on the nearest public street), and the 
smallest weapons are considered in the most secured areas of the building (e.g., 
in a briefcase smuggled past the screening station). It should also be noted 
that the likely target is often not the building under consideration by the risk 
assessment, but a high-risk building that is nearby. Historically, more building 
damage has been due to collateral effects than direct attack. Based upon access 
to the agent, the degree of difficulty, and past experience, it can be stated 
that the chance of a large-scale explosive attack occurring is extremely low and 
that a smaller explosive attack is far more likely. 

From the standpoint of structural design, the vehicle bomb is the most important 
consideration and has been a favorite tactic of terrorists. Ingredients for 
homemade bombs are easily obtained on the open market, as are the techniques for 
making bombs.

Vehicle bombs are able to deliver a sufficiently large quantity of explosives to 
cause potentially devastating structural damage. Security design intended to 
limit or mitigate damage from a vehicle bomb assumes that the bomb is detonated 
at a so-called critical location. The critical location is a function of the 
site, the building layout, the security measures in place, and the position of 
the weapon. For a vehicle bomb, the critical location is taken to be at the 
closest point that a vehicle can approach, assuming that all security measures 
are in place. This may be a parking area directly beneath the occupied building, 
the loading dock, the curb directly outside the facility, or at a vehicle-access 
control gate where inspection takes place, depending on the level of protection 
incorporated into the design. 

Another explosive attack threat is the small bomb that is hand delivered. Small 
weapons can cause large damage when they are brought into vulnerable and 
unsecured areas of the building. Greater damage may be caused when the weapon is 
brought into the interior, such as the building lobby, mail room, and retail 
spaces. Recent events around the world make it clear that there is an increased 
likelihood that bombs will be delivered by persons (suicide bombers or hand 
carried bombs) who are willing to sacrifice their own lives. Hand-carried 
explosives are typically on the order of 5 to 10 pounds of TNT equivalent. 
However, larger charge weights, in the 50- to 100-pound TNT equivalent range, 
can be readily carried in rolling cases. Mail bombs are typically less than 10 
pounds of TNT equivalent. 

Sidebar: For design purposes, large-scale truck bombs typically contain 10,000 
pounds or more of TNT equivalent, depending on the size and capacity of the 
vehicle used to deliver the weapon. Vehicle bombs that utilize vans down to 
small sedans typically contain 5,000 to 100 pounds of TNT equivalent, 
respectively. A briefcase bomb is approximately 50 pounds, and a pipe bomb is 
generally in the range of 5 pounds of TNT equivalent. Suicide bombers can 
deliver belts ranging from 10 pounds (teenagers), 15 to 20 pounds (women), and 
30 to 40 pounds (men).


Chemical, Biological, and Radiological Weapons
Three parameters are used to define the CBR design basis threat: the exposure, 
the duration, and the concentration. Each of the CBR agents has different human 
effects and methods of attack.

Chemical, biological, and radiological attacks are an emerging threat and of 
great concern because of the large geographic area contaminated, numbers of 
people affected, and the high economic cost of response and recovery. The use of 
CBR weapons and the stated intent of terrorist groups to acquire and use the 
weapons increases the target set, and the weapons can affect a single building, 
an entire city, multiple counties, or even states. 

Like explosive threats, CBR threats may be delivered externally or internally to 
the building. External ground-based threats may be released at a stand-off 
distance from the building or may be delivered directly through an air intake or 
other opening. Interior threats may be delivered to accessible areas such as the 
lobby, mailroom, loading dock, or egress route. Because there may not be an 
official or obvious warning prior to a CBR event, the best defense is to be 
alert to signs of a release occurring.

Chemical. 
Chemical agents are compounds with unique chemical properties that can produce 
lethal or damaging effects in humans, animals, and plants. Chemical agents can 
exist as solids, liquids, or gases, depending on temperature and pressure. Most 
chemical agents are liquid and can be introduced into an unprotected population 
relatively easily using aerosol generators, explosive devices, breaking 
containers, or other forms of covert dissemination. Dispersed as an aerosol or 
vapor, chemical agents have their greatest potential for inflicting mass 
casualties. There are two categories of chemicals: lethal and incapacitating. 
The lethal chemicals are subdivided into industrial and warfare.

Industrial chemicals are used extensively throughout the nation on a daily 
basis. Lethal industrial chemicals are listed as Toxic Industrial Compounds 
(TICs). Of concern is the use of TICs as a weapon (e.g., derailment of a 
chlorine tanker car), especially in the urban environment.

Chemical agents can have an immediate effect (a few seconds to a few minutes) or 
a delayed effect (several hours to  several days). Although potentially lethal, 
chemical agents are difficult to deliver in lethal concentrations. Outdoors, the 
agents often dissipate rapidly. Chemical agents are also difficult to produce. 
There are six types of agents:
--Choking/lung-damaging (pulmonary) agents such as chlorine and phosgene
--Blood agents such as cyanide
--Vesicants or blister agents such as mustard
--Nerve agents such as GA (tabun), GB (sarin), GD (soman), GF (cyclohexyl 
sarin), and VX (phosphonothioic acid)
--Incapacipating agents such as BZ (3-quinulidinyle benzilate)
--Riot-control agents similar to Mace

Biological. 
Biological agents pose a serious threat because of their accessible nature and 
the rapid manner in which they spread. These agents are disseminated by the use 
of aerosols, contaminated food or water supplies, direct skin contact, or 
injection. Several biological agents can be adapted for use as weapons by 
terrorists. These agents include anthrax (sometimes found in sheep and cattle), 
tularemia (rabbit fever), cholera, the plague (sometimes found in prairie dog 
colonies), and botulism (found in improperly canned food). A biological incident 
will most likely be first recognized in the hospital emergency room, medical 
examiner’s office, or within the public health community long after the 
terrorist attack. The consequences of such an attack may present communities 
with an unprecedented requirement to provide mass protective treatment to 
exposed populations, mass patient care, mass fatality management, and 
environmental health cleanup procedures and plans.

Biological agents are organisms or toxins that can kill or incapacitate people, 
livestock, and crops. The three basic groups of biological agents that would 
likely be used as weapons are bacteria, viruses, and toxins. 

1. Bacteria are small free-living organisms that reproduce by simple division 
and are easy to grow. The diseases they produce often respond to treatment with 
antibiotics.

2. Viruses are organisms that require living cells in which to reproduce and are 
intimately dependent upon the body they infect. Viruses produce diseases that 
generally do not respond to antibiotics; however, antiviral drugs are sometimes 
effective. 

3. Toxins are poisonous substances found in, and extracted from, living plants, 
animals, or microorganisms; some toxins can be produced or altered by chemical 
means. Some toxins can be treated with specific antitoxins and selected drugs.

Most biological agents are difficult to grow and maintain. Many break down 
quickly when exposed to sunlight and other environmental factors, while others 
such as anthrax spores are very long lived. They can be dispersed by spraying 
them in the air, or by infecting animals or humans, as well through food and 
water contamination.

--Aerosols — 
Biological agents are dispersed into the air as an aerosol that may drift for 
miles. Inhaling the agent may cause disease in people or animals. 

--Animals — 
Some diseases are spread by insects and animals, such as fleas, mice, flies, and 
mosquitoes. Deliberately spreading diseases through livestock is also referred 
to as agro-terrorism.

--Food and water contamination — 
Some pathogenic organisms and toxins may persist in food and water supplies. 
Most microbes can be killed, and toxins deactivated, by cooking food and boiling 
water.

Person-to-person spread of a few infectious agents is also possible. Humans have 
been the source of infection for smallpox, plague, and the Lassa viruses. In a 
2002 report, Public Health Assessment of Biological Terrorism Agents, the 
Centers for Disease Control (CDC) has classified biological agents as one of 
three priority categories for initial public health preparedness efforts: A, B, 
or C (see Table 1-2). The CDC maintains a comprehensive list of agents, 
diseases, and other threats at www.bt.cdc.gov/agent/index.asp.

Table 1-2: Critical Biological Agent Categories — Source: Public Health Assessment 
of Potential Biological Terrorism Agents (CDC, 2002)

Category A
Biological Agent: Variola major
Disease: Smallpox

Biological Agent: Bacillus anthracis
Disease: Anthrax

Biological Agent: Yersinia pestis
Disease: Plague

Biological Agent:  Clostridium botulinum (botulinum toxins)
Disease: Botulism

Biological Agent: Francisella tulaensis	
Disease: Tularemia

Biological Agent: Filoviruses and Arenaviruses (e.g., Ebola virus, Lassa virus)
	
Disease: Viral hemorrhagic fevers

Category B
Biological Agent: Coxiella burnetii
Disease: Q fever

Biological Agent: Brucella spp.	
Disease: Brucellosis

Biological Agent: Burkholderia mallei
Disease: Glanders

Biological Agent: Burkholderia pseudomallei
Disease: Meliodosis

Biological Agent: Alphaviruses
Disease: Encephalitis

Biological Agent: Rickettsia prowazekii
Disease: Typhus fever

Biological Agent: Toxins (e.g., Ricin)
Disease: Toxic syndromes

Biological Agent: Chlamydia psittaci
Disease: Psittacosis

Biological Agent: Food safety threats (e.g., Salmonella spp.)	
Disease: (no answer)

Biological Agent: Water safety threats (e.g., Vibrio cholerae)	
Disease: (no answer)

Category C
Biological Agent: Emerging threat agents (e.g., Nipah virus, hantavirus)	
Disease: (no answer)

Agents in Category A have the greatest potential for adverse public health 
impact with mass casualties, and most require broad-based public health 
preparedness efforts (e.g., improved surveillance and laboratory diagnosis and 
stockpiling of specific medications). Category A agents also have a moderate to 
high potential for large-scale dissemination or a heightened general public 
awareness that could cause mass public fear and civil disruption.

Most Category B agents also have some potential for large-scale dissemination 
with resultant illness, but generally cause less illness and death, and, 
therefore, would be expected to have lower medical and public health impacts. 
These agents also have lower general public awareness than Category A agents and 
require fewer special public health preparedness efforts. Agents in this 
category require some improvement in public health and medical awareness, 
surveillance, or laboratory diagnostic capabilities, but present limited 
additional requirements for stockpiled therapeutics beyond those identified for 
Category A agents. Biological agents that have undergone some development for 
widespread dissemination but do not otherwise meet the criteria for Category A, 
as well as several biological agents of concern for food and water safety, are 
included in this category.

Biological agents that are currently not believed to present a high bioterrorism 
risk to public health, but that could emerge as future threats (as scientific 
understanding of these agents improves) were placed in Category C. 

Nuclear and Radiological. 
Nuclear threat is the use, threatened use, or threatened detonation of a nuclear 
bomb or device. At present, there is no known instance in which any non-
governmental entity has been able to obtain or produce a nuclear weapon. The 
most likely scenario is the detonation of a large conventional explosive that 
incorporates nuclear material or detonation of an explosive proximate to nuclear 
materials in use, storage, or transit. Of concern is the increasing frequency of 
shipments of radiological materials throughout the world.

Nuclear explosions can cause deadly effects: blinding light, intense heat 
(thermal radiation), initial nuclear radiation, blast, fires started by the heat 
pulse, and secondary fires caused by the destruction. They also produce 
radioactive particles called fallout that can be carried by wind for hundreds of 
miles.

Terrorist use of a radiological dispersion device (RDD) – often called ”dirty 
nuke” or “dirty bomb” – is considered far more likely than the use of a nuclear 
device. These radiological weapons are a combination of conventional explosives 
and radioactive material designed to scatter dangerous and sub-lethal amounts of 
radioactive material over a general area. Such radiological weapons appeal to 
terrorists because they require very little technical knowledge to build and 
deploy compared to that of a nuclear device. Also, these radioactive materials, 
used widely in medicine, agriculture, industry, and research, are much more 
readily available and easy to obtain compared to weapons grade uranium or 
plutonium.

Terrorist use of a nuclear device would probably be limited to a single smaller 
“suitcase” weapon. The strength of such a  nuclear weapon would be in the range 
of the bombs used during World War II. The nature of the effects would be the 
same as a weapon delivered by an inter-continental missile, but the area and 
severity of the effects would be significantly more limited.

There is no way of knowing how much warning time there would be before an attack 
by a terrorist using a nuclear or radiological weapon. A surprise attack remains 
a possibility. The danger of a massive strategic nuclear attack on the United 
States involving many weapons receded with the end of the Cold War; however, 
some terrorists have been supported by nations that have nuclear weapons 
programs.

Other Threats. 
Other threats discussed in this manual include armed attacks, cyber attacks, 
high-altitude electromagnetic pulse, and high power microwave. These are 
discussed briefly in Table 1-3.

Table 1-3 provides selected threats that you may consider when preparing your 
risk assessment, some of which has not been discussed previously in this How-To 
Guide.

Table 1-3: Event Profiles 
Threat: Improvised Explosive Device (Bomb)
- Stationary Vehicle
- Moving Vehicle
- Mail
- Supply
- Thrown
- Placed
- Suicide Bomber

Application Mode: Detonation of explosive device on or near target; via person, 
vehicle, or projectile. 

Duration: Instantaneous; additional secondary devices may be used, lengthening 
the duration of the threat until the attack site is determined to be clear. 	

Extent of Effects; Static/Dynamic: Extent of damage is determined by type and 
quantity of explosive. Effects generally static other than cascading 
consequences, incremental structural failure, etc. 

Mitigating and Exacerbating Conditions: Blast energy at a given stand-off is 
inversely proportional to the cube of the distance from the device; thus, each 
additional increment of stand-off provides progressively more protection. 
Exacerbating conditions include ease of access to target; lack of 
barriers/shielding; poor construction; and ease of concealment of device.


Threat: Armed Attack
- Ballistics (small arms)
- Stand-off Weapons (rocket propelled grenades, mortars)

Application Mode: Tactical assault or sniper attacks from a remote location.

Duration: Generally minutes to days.	

Extent of Effects; Static/Dynamic: Varies, based upon the perpetrator’s intent 
and capabilities.


Mitigating and Exacerbating Conditions: Inadequate security can allow easy 
access to target, easy concealment of weapons, and undetected initiation of an 
attack.


Threat: Chemical Agent
- Blister
- Blood
- Choking/Lung/Pulmonary
- Incapacitating
- Nerve
- Riot Control/Tear Gas
- Vomiting	

Application Mode: Liquid/aerosol contaminants can be dispersed using sprayers or 
other aerosol generators; liquids vaporizing from puddles/containers; or 
munitions.


Duration: Chemical agents may pose viable threats for hours to weeks, depending 
on the agent and the conditions in which it exists. 

Extent of Effects; Static/Dynamic: Contamination can be carried out of the 
initial target area by persons, vehicles, water, and wind. Chemicals may be 
corrosive or otherwise damaging over time if not remediated.  

Mitigating and Exacerbating Conditions: Air temperature can affect evaporation 
of aerosols. Ground temperature affects evaporation in pools of liquids. 
Humidity can enlarge aerosol particles, reducing the inhalation hazard. 
Precipitation can dilute and disperse agents, but can spread contamination. Wind 
can disperse vapors, but also cause target area to be dynamic. The micro-
meteorological effects of buildings and terrain can alter travel and duration of 
agents. Shielding in the form of sheltering in place may protect people and 
property from harmful effects for a limited time.


Threat: Biological Agent
- Anthrax
- Botulism
- Brucellosis
- Plague
- Smallpox
- Tularemia
- Viral Hemorrhagic Fevers
- Toxins (Botulinum, Ricin, Staphylococ-cal Enterotoxin B, T-2 Mycotoxins)	
Application Mode: Liquid or solid contaminants can be dispersed using 
sprayers/aerosol generators or by point or line sources such as munitions, 
covert deposits, and moving sprayers. May be directed at food or water supplies.
	
Duration: Biological agents may pose viable threats for hours to years, 
depending on the agent and the conditions in which it exists.

Extent of Effects; Static/Dynamic: Depending on the agent used and the 
effectiveness with which it is deployed, contamination can be spread via wind 
and water. Infection can be spread via human or animal vectors. 	
Mitigating and Exacerbating Conditions: Altitude of release above ground can 
affect dispersion; sunlight is destructive to many bacteria and viruses; light 
to moderate winds will disperse agents, but higher winds can break up aerosol 
clouds; and the micro-meteorological effects of buildings and terrain can 
influence aerosolization and travel of agents. 

Threat: Radiological Agent
- Alpha
- Beta
- Gamma	

Application Mode: Radioactive contaminants can be dispersed using 
sprayers/aerosol generators, or by point or line sources such as munitions, 
covert deposits, and moving sprayers. 

Duration: Contaminants may remain hazardous for seconds to years, depending on 
material used. 

Extent of Effects; Static/Dynamic: Initial effects will be localized to site of 
attack; depending on meteorological conditions, subsequent behavior of 
radioactive contaminants may be dynamic. 

Mitigating and Exacerbating Conditions: Duration of exposure, distance from 
source of radiation, and the amount of shielding between source and target 
determine exposure to radiation. 


Threat: Cyber Attacks

Application Mode: Electronic attack using one computer system against another.

Duration: Minutes to days.

Extent of Effects; Static/Dynamic: Generally no direct effects on built 
environment. 

Mitigating and Exacerbating Conditions: Inadequate security can facilitate 
access to critical computer systems, allowing them to be used to conduct 
attacks.

Threat: High-Altitude Electromagnetic Pulse (HEMP)
	
Application Mode: An electromagnetic energy field produced in the atmosphere by 
the power and radiation of a nuclear explosion. It can overload computer 
circuitry with effects similar to, but causing damage much more swiftly than a 
lightning strike.

Duration: It can be induced hundreds to a few thousand kilometers from the 
detonation. 	

Extent of Effects; Static/Dynamic: Affects electronic systems. There is no 
effect on people. It diminishes with distance, and electronic equipment that is 
turned off is less likely to be damaged. 	

Mitigating and Exacerbating Conditions: To produce maximum effect, a nuclear 
device must explode very high in the atmosphere. Electronic equipment may be 
hardened by surrounding it with protective metallic shielding that routes 
damaging electromagnetic fields away from highly sensitive electrical 
components.


Threat: High Power Microwave (HPM) EMP

Application Mode: It is a non-nuclear radio frequency energy field. Radio 
frequency weapons can be hidden in an attaché case, suitcase, van, or aircraft. 
Energy can be focused using an antenna, or emitter, to produce effects similar 
to HEMP, but only within a very limited range.	

Duration: An HPM weapon has a shorter possible range than HEMP, but it can 
induce currents large enough to melt circuitry, or it can cause equipment to 
fail minutes, days, or even weeks later. HPM weapons are smaller-scale, are 
delivered at a closer range to the intended target, and can sometimes be emitted 
for a longer duration.

Extent of Effects; Static/Dynamic: Vulnerable systems include electronic 
ignition systems, radars, communications, data processing, navigation, 
electronic triggers of explosive devices. HPM capabilities can cause a painful 
burning sensation or other injury to a person directly in the path of the 
focused power beam, or can be fatal if a person is too close to the microwave 
emitter.

Mitigating and Exacerbating Conditions: Very damaging to electronics within a 
small geographic area.  A shockwave could disrupt many computers within a 1-mile 
range. Radio frequency weapons have ranges from tens of meters to tens of 
kilometers. Unlike HEMP, however, HPM radiation is composed of shorter wave 
forms at higher-frequencies, which make it highly effective against electronic 
equipment and more difficult to harden against.

Note: Cyber attack focuses on denial of service, worms, and viruses designed to 
attack or destroy critical infrastructure related systems such as energy 
management, supervisory control and data acquisition systems, security, control 
valves, and voice over internet protocol telephones, which are critical systems 
that support multiple functions and are becoming increasingly connected to the 
internet.

It is important to indicate that commercial buildings have been the preferred 
target of recent terrorist attacks. Figure 1-5 illustrates such actions. Between 
1998 and 2003, 1,566 commercial facilities were struck by terrorists while only 
97 government, 170 diplomat facilities, and 41 military facilities were affected 
during the same period.

Figure 1-5: Graph: Total facilities affected by international terrorism and weapons of 
choice, 1998-2003 — Source: Patterns of Global Terrorism 2003, US Department of 
State. Bar graph showing numbers of facilities affected by international 
terrorism in seven locations: Business, Diplomat, Government, Military, and Other. The graph shows that Business is the category most affected.


Collecting Information (Task 1.2)
When collecting information for your threat assessment, you may ask the 
following questions: What groups or organizations exist/are known? Do they have 
capability among themselves or is that capability readily obtainable locally? Do 
they have a history of terrorist acts and what are their tactics? What are the 
intentions of the aggressors against the government, commercial enterprises, 
industrial sectors, or individuals? Has it been determined that targeting 
(planning a tactic or seeking vulnerabilities) is actually occurring or being 
discussed?

For technological hazards, these same questions take a different perspective. 
Does anything that can be a hazard (or be attacked, causing collateral damage) 
exist within a given distance of the building in question? What is the 
capability of that incident to cause harm? Is there a history of this type of 
accident occurring? 

Many security and intelligence organizations are a good source of information 
and data for threat assessments. These organizations include the police 
department (whose jurisdiction includes the building or site), the local State 
police office, and the local office of the Federal Bureau of Investigation 
(FBI.) In many areas of the country, there are threat coordinating committees, 
including FBI Joint Terrorism Task Forces, that facilitate the sharing of 
information. In addition, the CDC, the U.S. Department of Homeland Security 
(DHS), and the Homeland Security Offices (HSOs) at the State level are good 
sources of information. For technological hazards, it is important to gather 
information from the local fire department and hazardous materials (HazMat) 
unit, Local Emergency Planning Committee (LEPC), and State Emergency Response 
Commission (SERC). LEPC and SERC are local and State organizations established 
under a U.S. Environmental Protection Agency (EPA) program. They identify 
critical facilities in vulnerable zones and generate emergency management plans. 
Additionally, most fire departments understand which industries in the local 
area handle the most combustible materials and the HazMat unit understands who 
handles materials that could have a negative impact upon people and the 
environment. In many jurisdictions, the HazMat unit is part of the fire 
department.

Other good sources of information include the Department of Homeland Security 
Information Analysis and Infrastructure Protection (IA/IP) Directorate and, 
under the Director, Central Intelligence Agency (CIA), the Terrorist Threat 
Integration Center (TTIC). The IA/IP Directorate and the TTIC  enhance 
intelligence fusion to bring together all terrorist information in one place, 
enabling America’s best intelligence analysts and investigators from multiple 
departments to work as a team to put together the pieces of the puzzle. 

Threat information is communicated through The Homeland Security Information 
Network. This communications system delivers real-time interactive connectivity 
among State and local partners and with the DHS Homeland Security Operations 
Center (HSOC) through the Joint Regional Information Exchange System (JRIES). 
Other DHS agencies participate through seats at the HSOC and their own 
operations centers, and the system will be further expanded within DHS 
operations. Each State and major urban area’s Homeland Security Advisor and 
other points of contact will receive software licenses, technology, and training 
to participate in the information sharing and situational awareness that JRIES 
already brings to State and local homeland security personnel across the United 
States. Examples of other points of participation include State National Guard 
offices, Emergency Operations Centers (EOCs), and first responder and Public 
Safety departments.

The network significantly strengthens the flow of real-time threat information 
to State, local, and private sector partners at the Sensitive-but-Unclassified 
level (SBU), and provides a platform for communications through the classified 
SECRET level to State offices. The program is built upon the JRIES platform, a 
secure network and a suite of applications currently operating at the SBU level. 
Participants currently include approximately 100 organizations, including 
Federal agencies, States, municipalities, and other local government entities, 
with a significant law enforcement user base. All participating entities have a 
certified counterterrorism mission. Approximately 1,000 users currently have 
access to the system. 


Determining the Design Basis Threat (Task 1.3)
Stopping a terrorist or physical attack on a building is very difficult; any 
building or site can be breached or destroyed. Weapons, tools, and tactics can 
change faster than a building can be modified against a particular threat. 
However, the more secure the building or site and the better the building is 
designed to withstand an attack, the better the odds the building will not be 
attacked or, if attacked, it will suffer less damage. Terrorists generally 
select targets that have some value as a target, such as an iconic commercial 
property, symbolic government building, or structure likely to inflict 
significant emotional or economic damage such as a shopping mall or major 
seaport. 

The type and size of the weapons to be considered in the threat assessment are 
usually selected by the building stakeholders in collaboration with the 
Assessment Team (i.e., engineers who specialize in the design of structures to 
mitigate the effects of explosions - see Step 3 of this How-To Guide). The 
threat assessment and analysis for any building can range from a general threat 
scenario to a very detailed examination of specific groups, individuals, and 
tactics that the building may need to be designed to repel or defend against. 
For this How-To Guide, a simplified method has been selected to help the 
Assessment Team and building stakeholders to identify the primary threats to 
their buildings (see Selecting Primary Threats below and Table 1-4).

Table 1-4: Criteria to Select Primary Threats

Scenario: 9-10	
Access to Agent: Readily available
Knowledge/Expertise: Basic knowledge/open source
History of Threats Building Functions/Tenants): Local  
incident, occurred recently, caused great damage; building functions and  
tenants were primary targets
Asset Visibility/Symbolic: Existence widely known/iconic
Asset Accessibility: Open access, unrestricted parking
Site Population/Capacity: > 5,000
Collateral Damage/Distance to Building: Within 1,000-foot radius

Scenario: 6-8
Access to Agent: Easy to produce
Knowledge/Expertise: Bachelor’s degree or technical school/open scientific or 
technical literature
History of Threats Building Functions/Tenants): Regional/State incident, 
occurred a few years ago, caused substantial damage; building functions and 
tenants were one of the primary targets 
Asset Visibility/Symbolic: Existence locally known/landmark
Asset Accessibility: Open access, restricted parking
Site Population/Capacity: 1,001-5,000
Collateral Damage/Distance to Building: Within 1-mile radius

Scenario: 3-5
Access to Agent: Difficult to produce or acquire
Knowledge/Expertise: Advanced training/rare scientific or declassified 
literature  History of Threats Building Functions/Tenants):   National incident, 
occurred some time in the past, caused important damage; building functions and 
tenants were one of the primary targets 
Asset Visibility/Symbolic: Existence published/well-known
Asset Accessibility: Controlled access, protected entry
Site Population/Capacity: 251-1,000
Collateral Damage/Distance to Building: Within 2-mile radius

Scenario: 1-2
Access to Agent: Very difficult to produce or acquire
Knowledge/Expertise: Advanced degree or training/classified information
History of Threats Building Functions/Tenants): International incident, occurred 
many years ago, caused localized damage; building functions and tenants were not 
the  primary targets
Asset Visibility/Symbolic: Existence not well-known/no symbolic importance
Asset Accessibility: Remote location, secure perimeter, armed guards, tightly 
controlled access	
Site Population/Capacity: 1-250
Collateral Damage/Distance to Building: Within 10-mile radius


It is important to indicate that there are other sophisticated methods and 
criteria that can be used for more detailed threat analysis, including the TM5-
853 Army-Air Force Security Engineering Manual, the State of Florida HLS-CAM 
vulnerability and criticality matrix, the Department of Defense (DoD) CARVER 
process, and the FEMA 386-7 Site/Building Inherent Vulnerability Assessment 
Matrix. The determination of which method to be used should be left to the 
Assessment Team and building owners.

The methodology presented in this How-To Guide is based upon several 
methodologies, including some of the ones listed above. It provides a simple and 
straight forward approach to focus on the primary threats using selected 
criteria. These primary threats will help the Assessment Team and stakeholders 
complete the risk assessment and focus on proper mitigation measures. 


Selecting Primary Threats
Unlike natural disasters, terrorists continually evaluate, plan, and seek to 
exploit the weakest building protective design features. Therefore, it becomes 
impossible both from a technical and benefit/cost point to try to protect 
everything from every type of attack. The building stakeholders have to make a 
determination as to what the design basis threat is for their building and what 
level of protection they can afford. As the terrorist threat changes over time, 
the building stakeholders may wish to revisit this part of the risk assessment 
process.

To select your primary threats, the criteria described below have been provided. 
The selected criteria are part of Table 1-4, which is designed to help you to 
determine your potential threat. Scores from 1 to 10 (10 being the greater 
threat) are described.

--Access to Agent. 
The ease by which the source material can be acquired to carry out the attack. 
Consideration includes the local materials of HazMat inventory, farm and mining 
supplies, major chemical or manufacturing plants, university and commercial 
laboratories, and transportation centers.

--Knowledge/Expertise. 
The general level of skill and training that combines the ability to create the 
weapon (or arm an agent) and the technical knowledge of the systems to be 
attacked (heating, ventilation, and air conditioning [HVAC], nuclear, etc.). 
Knowledge and expertise can be gained by surveillance, open source research, 
specialized training, or years of practice in industry. 

--History of Threats (Building Functions/Tenants). 
What has the potential threat element done in the past, how many times, and was 
the threat local, regional, national, or international in nature? When was the 
most recent incident and where, and against what target? Are the building 
functions and tenants attractive targets for the terrorist?

--Asset Visibility/Symbolic. 
The economic, cultural, and symbolic importance of the building to society that 
may be exploited by the terrorist seeking monetary or political gain through 
their actions.

--Asset Accessibility. 
The ability of the terrorist to become well-positioned to carry out an attack at 
the critical location against the intended target. The critical location is a 
function of the site, the building layout, and the security measures in place. 

--Site Population/Capacity. 
The population demographics of the building and surrounding area.

--Collateral Damage/Distance to the Building. 
The potential of the threat to cause collateral damage or disruption to the 
building of interest. The building of interest is not considered the primary 
target.

Table 1-4 is used in conjunction with Table 1-3 to create a general Threat 
Scenario for the site or building. Table 1-5 illustrates the use of the threat 
scoring matrix for a typical multi-story commercial office building in an urban 
area with underground parking, internet enabled environmental energy management 
system, Voice over Internet Protocol (VoIP) telecommunications system, Internal 
Protocol/Transmission Control Protocol (IP/TCP) enabled security system using 
local area network (LAN) and wireless connectivity for closed-circuit 
televisions (CCTVs) and entry access control, and standard hard wire 
connectivity for the fire alarm system. Your potential threats will be selected 
from those reaching the highest scores.


Table 1-5: Nominal Example to Select Primary Threats for a Specific Urban Multi-
story Building

Table Description: Seven Scenario categories with varying numbers of 
subcategories. For each category and subcategory, the Criteria listed are ranked 
and totaled: 
--Access to Agent
--Knowledge/Expertise
--History of Threats (Building Functions/Tenants)
--Asset Visibility/Symbolic
--Asset Accessibility
--Site Population/Capacity
--Collateral Damage/Distance to Building
	
Note: the values for “Asset Visibility/Symbolic,” “Asset Accessibility,” and 
“Site Population/Capacity” are constants because a single building is being 
analyzed. 

The seven scenario categories and subcategories: 

1. Improvised Explosive Device (Bomb):
1-lb. Mail Bomb; 5-lb. Pipe Bomb; 50-lb. Satchel Bomb/Suicide Bomber; 500-lb. 
Car Bomb; 5,000-lb. Truck Bomb; 20,000-lb. Truck Bomb; and Natural Gas.
	
2. Bomb/Aircraft/Ship:
Small Aircraft; Medium Aircraft; Large Aircraft; and Ship.

3.Chemical Agent:
Choking (Chlorine, Phosgene); Blood (Hydrogen Cyanide); Blister
(Lewisite); and Nerve (Sarin).

4. Biological Agent:
Bacteria (Anthrax, Plague, Tularemia); Viruses (Hemorrehagic Fevers, Smallpox);
Toxins (Botulinum, Ricin)

5. Radiological Agent:
"Dirty Bomb"; Spent Fuel Storage; Nuclear Plant

6. Armed Attack:
RPG/LAW/Mortar; Ballistic

7. Cyber Attack:
Worm; Virus; Denial of Service

 
For the nominal example, the five primary threats that will be examined include: 
--Vehicle Bomb. 
500-lb. car bomb detonating within 15 feet of building exterior

--Chemical Agent. 
Sarin gas most toxic of the listed agents; assumed worst case

--Biological Agent. 
Recent mail attacks with Ricin; no antidote, high economic productivity loss

--Cyber Attack. 
Impact on Emergency Management Systems (EMS), VoIP telecommunications, security 
systems

The “dirty bomb” and armed assault are other potential threats that could be 
considered, but are left out of this analysis for simplicity.

These examples reveal subjective estimates and summed scores and provide a first 
level analysis of the primary threats that may affect your site or building. To 
complete this portion of your risk assessment, you should use Worksheet 1-1. 


Determining the Threat Rating (Task 1.4)
Having selected the primary threats for your site or building, the next step is 
to determine how the threat will affect the functions and critical 
infrastructure. The threat rating is an integral part of the risk assessment and 
is used to determine, characterize, and quantify a loss caused by an aggressor 
using a weapon or agent and tactic against the target (asset). The threat rating 
deals with the likelihood or probability of the threat occurring and the 
consequences of its occurrence.

For determining the threat rating, this How-To Guide provides a methodology 
based on consensus opinion of the building stakeholders, threat specialists, and 
engineers. (This group could be expanded as necessary to help refine the scoring 
process.) Table 1-6 provides a scale to help you with this process. The scale is 
a combination of a 7-level linguistic scale and a 10-point numerical scale (10 
being the greater threat). The key elements of this scale are the 
likelihood/credibility of a threat, potential weapons to be used during a 
terrorist attack, and information available to decision-makers. The primary 
objective is to look at the threat, the geographic distribution of functions and 
critical infrastructure, redundancy, and response and recovery to evaluate the 
impact on the organization should a primary threat attack occur. Tables 1-7A and 
1-7B display a nominal example of applying these ratings for an urban multi-
story building.


Table 1-6: Threat Rating

Threat: Very High
Scale Rating: 10
Likelihood: Very High – The likelihood of a threat, weapon, and tactic being 
used against the site or building is imminent. Internal decision-makers and/or 
external law enforcement and intelligence agencies determine the threat is 
credible.

Threat: High
Scale Rating: 8-9
Likelihood: High – The likelihood of a threat, weapon, and tactic being used 
against the site or building is expected. Internal decision-makers and/or 
external law enforcement and intelligence agencies determine the threat is 
credible.

Threat: Medium High
Scale Rating: 7
Likelihood: Medium High – The likelihood of a threat, weapon, and tactic being 
used against the site or building is probable. Internal decision-makers and/or 
external law enforcement and intelligence agencies determine the threat is 
credible.

Threat: Medium
Scale Rating: 5-6
Likelihood: Medium – The likelihood of a threat, weapon, and tactic being used 
against the site or building is possible. Internal decision-makers and/or 
external law enforcement and intelligence agencies determine the threat is 
known, but is not verified.

Threat: Medium Low
Scale Rating: 4
Likelihood: Medium Low – The likelihood of a threat, weapon, and tactic being 
used in the region is probable. Internal decision-makers and/or external law 
enforcement and intelligence agencies determine the threat is known, but is not 
likely.

Threat: Low
Scale Rating: 2-3
Likelihood: Low – The likelihood of a threat, weapon, and tactic being used in 
the region is possible. Internal decision-makers and/or external law enforcement 
and intelligence agencies determine the threat exists, but is not likely.

Threat: Very Low
Scale Rating: 1
Likelihood: Very Low – The likelihood of a threat, weapon, and tactic being used 
in the region or against the site or building is very negligible. Internal 
decision-makers and/or external law enforcement and intelligence agencies 
determine the threat is non-existent or extremely unlikely.


Worksheet 1-2 helps you organize and determine the threat rating in terms of 
building functions and infrastructure (see Task 2.3). The purpose is to produce 
a more informed opinion regarding the manmade hazards that affect your assets. 

As a starting point, use a value of 5 and assume a medium level of threat; then 
adjust the threat rating up or down based on consensus. Note that the threat 
rating is independent of the building function and infrastructure because it is 
assumed to be ubiquitous to the entire building and the same threat numeric 
value is used vertically for each function or infrastructure component (see 
Tables 1-7A and 1-7B). 


Table 1-7A: Nominal Example of Threat Rating for an Urban Multi-story Building 
(Building Function)

Table description:
Eight Building Function Categories to rate: 
Administration; Engineering; Warehousing; Data Center; Food Service; 
Security; Housekeeping; and Day Care.

Five Threat Categories for each of the building function categories: Cyber 
Attack; Vehicle Bomb; Suicide Bomber; Chemical (Sarin); and Biological (Ricin)
	

Table 1-7B: Nominal Example of Threat Rating for an Urban Multi-story Building 
(Building Infrastructure)

Table description: 
10 Building Infrastructure to rate the threats: Site; Architectural; Structural 
Systems; Envelope Systems; Utility Systems; Mechanical Systems; Plumbing 
and Gas Systems; Electrical Systems; Fire Alarm Systems; and IT/Communications 
Systems.

Five Threat Categories for each of the building infrastructure categories: Cyber 
Attack; Vehicle Bomb; Suicide Bomber; Chemical (Sarin); and Biological (Ricin).

	
Worksheet 1-1: Selection of primary threats
Worksheet 1-1 will help you to select your primary threats. Building 
stakeholders and the Assessment Team should review criteria provided in Task 1.3 
of this How-To Guide to fill out this Worksheet. After ranking each threat 
against the provided criteria (Table 1-2), the threat scores should be summed. 
The top scoring threats (select three to ten of the threats based on score 
dispersion) become the major threats that you will use for the preparation of 
your risk assessment.  

Seven criteria categories to rate the scenarios: Access to Agent; 
Knowledge/Expertise; History of Threats (Building Functions/Tenants); Asset 
Visibility/Symbolic; Asset Accessibility; Site Population/Capacity; and 
Collateral Damage/Distance to Building.

Scenarios:
--Improvised Explosive Device (Bomb): 1-lb. Mail Bomb; 5-lb. Pipe Bomb; 50-lb. 
Satchel Bomb/Suicide Bomber; 500-lb. Car Bomb; 5,000-lb. Truck Bomb; 20,000-lb. 
Truck Bomb; Natural Gas.								

--Bomb/Aircraft/Ship: Small Aircraft; Medium Aircraft; Large Aircraft; Ship.
				
--Chemical Agent: Choking (Chlorine, Phosgene); Blood (Hydrogen Cyanide); 
Blister (Lewisite); Nerve (Sarin).
								
--Biological Agent: Bacteria (Anthrax; Plague, Tularemia); Viruses 
(Hemorrehagic, Fevers, Smallpox); Toxins (Botulinum, Ricin).

--Radiological Agent: “Dirty Bomb”; Spent Fuel Storage; Nuclear Plant.	
							
--Armed Attack: RPG/LAW/Mortar; Ballistic.						
	
--Cyber Attack: Worm; Virus; Denial of Service.					
			

Worksheet 1-2: threat rating 
Worksheet 1-2 can be used to complete your risk assessment and will be used in 
conjunction with Worksheets 4-1 and 4-2. It can be used to discuss priority 
threats with building stakeholders and among the members of the Assessment Team. 
To fill out this table, analyze the impact of a particular threat on the 
building core functions and building infrastructure components of your building. 
Use the results of Worksheet 1-1 to assist you in this process. Building core 
functions and building infrastructure components are defined in Section 2.3 of 
this How-To Guide.

Threat Rating:
Very High: 10
High: 8-9
Medium High: 7
Medium: 5-6
Medium Low: 4
Low: 2-3
Very Low: 1


Assign a Threat Rating (one column for each threat) for each building function 
and infrastructure:

--Function
Administration
Engineering
Warehousing
Data Center
Food Service
Security
Housekeeping
Day Care
Other

--Infrastructure
Site
Architectural
Structural Systems
Envelope Systems
Utility Systems
Mechanical Systems
Plumbing and Gas Systems
Electrical Systems
Fire Alarm Systems
IT/Communications Systems



Step 2: Asset Value Assessment

Overview
The second step in the assessment process is to identify the assets of your 
area, site, and building that may be affected by a threat (see Figure 2-1). 
Asset value can be defined as a degree of debilitating impact that would be 
caused by the incapacity or destruction of an asset. An asset refers to a 
resource of value requiring protection. It can be tangible (i.e., buildings, 
facilities, equipment activities, operations, and information) or intangible 
(i.e., processes or a company’s information and reputation).

The asset value assessment process involves the following tasks: 
--Identifying the layers of defense
--Identifying the critical assets
--Identifying the building core functions and infrastructure
--Determining the asset value rating

Figure 2-1: Steps and tasks
Step 2: Asset Value Assessment
TASKS:
2.1	Identifying the layers of defense
2.2	Identifying the critical assets
2.3	Identifying the building core functions and infrastructure
2.4	Determining the asset value rating


In this How-To Guide, the identification of the assets is done within the 
concept of layers of defense. The objective of layers of defense is to create a 
succeeding number of security layers more difficult to penetrate, provide 
additional warning and response time, and allow building occupants to move into 
defensive positions or designated safe haven protection. This approach will be 
especially helpful for identifying your mitigation options after you conclude 
your risk assessment.

To identify and prioritize a building’s critical assets is a vital step in the 
process to improve its level of protection prior to a terrorist attack. 
Recognizing that people are a building’s most critical asset, the process 
described throughout this step will help you to identify and prioritize those 
assets where people are most at risk and require protection.


Identifying the Layers of Defense (Task 2.1)
The layers of defense is a traditional approach in security engineering and use 
concentric circles extending out from an area or site to the building or asset 
that requires protection. They can be seen as demarcation points for different 
security strategies. Identifying the layers of defense early in the assessment 
process will help you to understand better the assets that require protection 
and determine your mitigation options. Figure 2-2 shows the layers of defense 
described below. 

Figure 2-2: Layers of defense.
Graphic showing an overhead view of a building's layout and the general 
parameters of the first (outermost), second, and third (inner most) layers of 
defense.

First Layer of Defense. 
This involves understanding the characteristics of the surrounding area, 
including construction type, occupancies, and the nature and intensity of 
adjacent activities. It is specifically concerned with buildings, installations, 
and infrastructure outside the site perimeter. For urban areas, it also includes 
the curb lane and surrounding streets.

Second Layer of Defense. 
This refers to the space that exists between the site perimeter and the assets 
requiring protection. It involves the placement of buildings and forms in a 
particular site and understanding which natural or physical resources can 
provide protection. It entails the design of access points, parking, roadways, 
pedestrian walkways, natural barriers, security lighting, and signage. For urban 
areas, it refers specifically to the building yard.

Third Layer of Defense. 
This deals with the protection of the asset itself. It proposes to harden the 
structures and systems, incorporate effective HVAC systems and surveillance 
equipment, and wisely design and locate utilities and mechanical systems. Note 
that, of all blast mitigation measures, distance is the most effective measure 
because other measures vary in effectiveness and can be more costly. However, 
often it is not possible to provide adequate stand-off distance. For example, 
sidewalks in many urban areas may be less than 10 meters (33 feet), while 
appropriate stand-off may require a minimum of 25 meters (82 feet). 

Designers should consider providing adequate stand-off distance when possible. 
In this case, the hardening of the building is a second choice. 


Urban versus Rural
The layers of defense are not predetermined and they may vary from site to site 
and from building to building. If a particular building requiring protection is 
part of a campus or located in a rural, semi-rural, or urban area, a similar 
analysis may be applicable for all cases when determining the importance of the 
asset. However, the security elements necessary to protect the building can be 
entirely different, depending on its location. The approach suggests 
establishing different demarcation points in order to identify sound security 
strategies. The layers of defense concept proposes that each designer study a 
particular site and determine critical assets that need to be protected and how 
protection should take place.
 
Figure 2-3 depicts the security elements that may be considered in an urban 
setting. It shows how the second layer of defense becomes extremely important to 
protect a building in an urban area. Note that the elements described below may 
require a different method of protection for a campus or a rural site. 

Figure 2-3: Layers of defense in a urban setting.
Graphic showing the layers of defense on the street level, from the building (third 
layer) through the building yard (second layer) to the sidewalk, curb lane, and street 
(first layer).

Major layers for an urban setting include:
--Curb Lane (First Layer of Defense). 
This area refers to the lane of the street closest to the sidewalk. Typically it 
is used for curbside parking, passenger drop-off, loading, and service vehicles. 
Curbside parking should not be removed unless additional stand-off distance is 
absolutely required for high-target buildings. When required, sidewalks can be 
widened to incorporate the area devoted to the curb lane. 
 
--Sidewalk (First Layer of Defense). 
This area serves as the common space for pedestrian interaction, moment, and 
activity. If possible, sidewalks should be left open and accessible to 
pedestrians and security elements should not interfere with the circulation. The 
streetscape could include hardened versions of parking meters, streetlights, 
benches, planters, and trash receptacles. The use of retractable bollards is a 
great solution when the width of the street does not allow the placement of 
security elements.

--Building Yard (Second Layer of Defense). 
This area refers to the exterior space between the building and the sidewalk. It 
consists of a grassy area adjacent to the building flush with the sidewalk or a 
planted bed raised above the level of the sidewalk. It also includes pedestrian 
entries and loading docks. For the building yard, security components should 
complement the building architecture and landscaping. Security elements should 
be located near the outer edge of the yard. A planter or raised plinth wall 
provides a good security barrier in this layer.

Figure 2-4 shows the layers of defense in a campus or rural/semi-rural setting 
that may be required for a campus when a particular building is considered a 
critical asset. Protection entails considering access points, parking, roadways, 
pedestrian walkways, natural and physical barriers, security lighting, and 
signage. Similar situations can be encountered in a campus setting or in a rural 
or semi-rural area. 


Figure 2-4: Layers of defense when a particular building is considered a 
critical asset. 
Graphic showing a drawing plan noting the layers of defense from an overhead view.


Identifying the Critical Assets (Task 2.2)
This task involves identifying critical assets within the layers of defense 
described in Task 2.1. The purpose is to help you determine those assets 
essential to the minimum operation of your building, and to ensure the health 
and safety of the building and its occupants. Table 2-1 is a starting point for 
this exercise. Appendix A of this How-To Guide -- the Building Vulnerability 
Assessment Checklist -- provides detailed information regarding the 
vulnerability of your assets. 
 
Table 2-1. Correlation of the Layers of Defense Against Threats. 
Table description: Six threat types marked based on debilitating conditions for 
each of the three layers of defense. The six threat types are Cyber Attack; 
Vehicle Bomb; Suicide Bomber; Chemical; Biological; and Other.

Identifying Critical Assets for the First Layer of Defense. 
One of the first steps when identifying your critical assets is to understand 
your surrounding areas and how construction types, occupancies, functions, and 
activities adjacent to your asset can pose a threat or serve to protect your 
asset. It is essential to understand the interdependencies and distance that 
separate your building and off-site facilities. Off-site facilities can include:
--Landmarks and iconic buildings
--Law enforcement, fire departments, and hospital buildings
--Federal facilities
--Embassies
--Key commercial properties
--HazMat storage areas and chemical manufacturing plants
--Transportation (roads, avenues of approach, bridges, railroads, tunnels, 
airports, and ports)
--Telecommunications and utility services

To assess your assets, you may want to consider different scenarios. For 
example, a car bomb may be able to carry 200 pounds of TNT and a truck bomb may 
be able to carry 11,000 pounds of TNT. If it is possible that these bombs could 
be placed proximate to your building, you may want to determine potential 
damages that they could cause, as well as protective actions for your building. 
To assess potential damage, the use of Geographic Information Systems (GISs) can 
be an invaluable resource. Figures 2-5 and 2-6 depict this process. There are 
several powerful GIS systems available that can help you to determine your 
critical asset within the first layer of defense. For this How-To Guide, we 
suggest the use of HAZUS-MH, described in Figure 2-7. Note that the use of GIS 
is not required to prepare assessment studies; it is only a tool to facilitate 
the process.

Figure 2-5. Potential blast effects of a 200 pound car bomb. 
Graphic showing an aerial view of a building, the location of the car bomb, 
and the potential reach of the blast.

Figure 2-6. Potential blast effects of a 11,000 pound truck bomb. 
Graphic showing an aerial view of a building, the location of the truck bomb, 
and the potential reach of the blast.

Figure 2-7. Using HAZUS-MH to identify the criticality of assets.
Text-based figure with small computer screen shots to illustrate 
points made.

HAZUS-MH is GIS based software developed to estimate losses from earthquakes, 
floods, and hurricane winds.

HAZUS-MH takes into account various impacts of a hazard event such as:
• Physical damage: damage to residential and commercial buildings, schools, 
critical facilities, and infrastructure
• Economic loss: lost jobs, business interruptions, and repair and 
reconstruction costs
• Social impacts: impacts to people, including requirements for shelters and 
medical aid

HAZUS-MH includes the largest compilation of geo-reference data made available 
by the Federal Government at no cost. The HAZUS-MH provided inventory data are 
gathered from the nationally available data sources and include the following: 
 
General Building Stock includes residential, commercial, and industrial building 
types. HAZUS-MH groups the general building stock into 39 specific model 
building types and 33 specific occupancy classes.  

Essential Facilities include hospitals and other medical facilities, police and 
fire stations, EOCs, and schools that are often used as shelters.  

Hazardous Material Facilities include storage facilities for industrial or 
hazardous materials such as corrosives, explosives, flammable materials, 
radioactive materials, and toxins.

High Potential Loss Facilities include nuclear power plants, dams, levees, and 
military installations.

Transportation Lifeline Systems include the following types of infrastructure 
inventory data: 
• Airways – airport facilities, airport runways, heliport facilities, and 
heliport landing pads
• Highways – bridges, tunnels, and road segments
• Railways – tracks, tunnels, bridges, and facilities (railyards and depots)
• Waterways – ports (locks, seaports, harbors, dry docks, and piers) and ferries
• Bus Stations

Utility Lifeline Systems include potable water, wastewater, oil, natural gas, 
electric power, and communications systems. 
 
Demographics include people assets of the inventory data regarding total 
population; age, gender, and race distribution; income distribution; number of 
owners and renters; building age; and other data obtained from the U.S. Census 
Bureau and Dun & Bradstreet.  The demographic data are aggregated at the Census 
block or Census tract level.

The database sets in HAZUS-MH are easily converted into visual charts, maps, and 
graphics for a given site or building.

Training is necessary to run HAZUS-MH and other GIS software. In case of HAZUS-
MH, the user must be familiarized with Windows-based environments, GIS software 
(ArcGIS® 8.3), and data manipulation.

HAZUS-MH is a non-proprietary software that can be ordered at no charge at 
http://www.fema.gov/hazus


Identifying Critical Assets for the Second Layer of Defense. To identify your 
critical assets, you need to understand how important they are in terms of 
protecting people and key operations. Table 2-1 provides a nominal example of 
the components that may be of concern when establishing your critical asset. The 
elements across the top include the different threats that you may have 
identified. The column to the left provides a list of concerns related to your 
site. This process can be further expanded by consulting the Building 
Vulnerability Assessment Checklist in Appendix A. When determining your asset 
value, you may ask the following questions:
--Are perimeter fences or other types of barrier controls in place? 
--What are the access points to the site or building? 
--Is there vehicle and pedestrian access control at the perimeter of the site?
--Does site circulation prevent high-speed approaches by vehicles?
--Is there a minimum setback distance between the building and parked vehicles?
--In dense, urban areas, does curb lane parking allow uncontrolled vehicles to 
park unacceptably close to a building in public rights-of-way?  
--What are the existing types of vehicle anti-ram devices for the site or 
building?
--Do existing landscape measures/features (walls, fountains, berms, etc.) 
deflect or dissipate the blast pressure?
--Are these devices at the property boundary or at the building?

Identifying Critical Assets for the Third Layer of Defense. When estimating your 
critical assets within the third layer of defense, you need to consider the 
structural and non-structural soundness of your building, as well as the 
possibility of mechanical, plumbing, and electrical systems continuing 
operations after an attack. Given the evolving nature of the terrorist threat, 
it is hard to estimate the value of your assets. For example, due to the 
catastrophic consequences of progressive collapse, evaluating the structural 
components of your building can become a high priority. Windows that are the 
weakest part of a building can become a crucial issue. Other important elements 
for blast design may include hardening of mechanical and electrical systems and 
creating appropriate redundancies. The location of air-intakes and limiting the 
access of the public to main systems can become critical for reducing potential 
damage from terrorist attacks. The upgrade of HVAC systems and the adoptions of 
efficient filtering systems can become a key consideration when establishing 
critical assets. 

Table 2-1 is provided to assist you in assessing your critical assets. As 
previously stated, you may also want to consult the Building Vulnerability 
Assessment Checklist provided in Appendix A to further analyze your concerns. 
When determining your critical assets for the third layer of defense, you may 
ask the following questions:
--What is the designed or estimated protection level of the exterior walls 
against the postulated explosive threat?
--Is the window system design on the exterior façade balanced to mitigate the 
hazardous effects of flying glazing following an explosive event? (glazing, 
frames, anchorage to supporting walls, etc.)
--Do non-window openings, such as mechanical vents and exposed plenums, provide 
the same level of protection required for the exterior wall?
--Is the incoming water supply in a secure location? Is there a secure alternate 
drinking water supply?
-Are the incoming air intakes in a secure location? 
--How much fuel is stored on the site or at the building and how long can this 
quantity support critical operations? How is it stored? How is it secured?
--Is roof access limited to authorized personnel by means of locking mechanisms?
--What are the types and level of air filtration? 
--Are there provisions for air monitors or sensors for CBR agents?


Identifying the Building Core Functions and Infrastructure (Task 2.3)
The identification of the building core functions and infrastructure is one of 
the key elements of the assessment. These functions are the basis for the 
analysis described in this How-To Guide. The functions and infrastructure 
analyses identify the geographic distribution within the building and 
interdependencies between critical assets. Ideally, the functions should have 
geographic dispersion as well as a pre-determined recovery site or alternate 
work location. Similarly, critical infrastructure should have geographic 
dispersion and backup. For example, a bomb or CBR attack entering through the 
loading dock could impact the telecommunications, data, uninterruptible power 
supply (UPS), generator, and other key infrastructure systems. The core 
functions and infrastructure are described below.


Identifying Building Core Functions
The first activity is to determine the core functions and processes necessary 
for the building to continue to operate or provide services after an attack. The 
reason for identifying core functions/processes is to focus the Assessment Team 
on what a building does, how it does it, and how various threats can affect the 
building. This provides more discussion and results in a better understanding of 
asset value. Factors that should be considered include:
--What are the building’s primary services or outputs?
--What critical activities take place at the building?
--Who are the building’s occupants and visitors?
--What inputs from external organizations are required for a building’s success?

A number of core functions have been selected for this How-To Guide and are 
included in Table 2-2.

Table 2-2. Building Core Functions
Administration
Engineering
Warehousing
Data Center
Food Service
Security
Housekeeping
Day Care


Identifying Building Core Infrastructure
After the core functions and processes are identified, an evaluation of building 
infrastructure should follow. To help identify and value rank infrastructure, 
the following should be considered, keeping in mind that the most vital asset 
for every building is its people:
--Identify how many people may be injured or killed during a terrorist attack 
that directly affects the infrastructure.
--Identify what happens to occupants if a specific asset is lost or degraded. 
(Can primary services continue?)
--Determine the impact on other organizational assets if the component is lost 
or can not function.
--Determine if critical or sensitive information is stored or handled at the 
building.
--Determine if backups exist for the building’s assets.
--Determine the availability of replacements.
--Determine the potential for injuries or deaths from any catastrophic event at 
the building’s assets.
--Identify any critical building personnel whose loss would degrade or seriously 
complicate the safety of building occupants during an emergency. 
--Determine if the building’s assets can be replaced and identify replacement 
costs if the building is lost.
--Identify the locations of key equipment and the impact if it is lost during a 
terrorist attack.
--Determine the locations of personnel work areas and systems.
--Identify the locations of any personnel operating “outside” a building’s 
controlled areas.
--Determine, in detail, the physical locations of critical support 
architectures:
	• Communications and information technology (i.e., the flow of 	critical 
information)
	• Utilities (e.g., facility power, water, air conditioning, etc.)
	• Lines of communication that provide access to external resources 
	and provide movement of people (e.g., road, rail, air 
	transportation)
--Determine the location, availability, and readiness condition of emergency 
response assets, and the state of training of building staff in their use.

A number of core infrastructures have been selected for this How-To Guide. Table 
2-3 includes the selected examples.

Table 2-3. Building Core Infrastructure
Site
Architectural
Structural Systems
Envelope Systems
Utility Systems
Mechanical Systems
Plumbing and Gas Systems
Electrical Systems
Fire Alarm Systems
IT/Communications Systems


Levels of Protection
The selection of the level of protection is building-dependent. The General 
Services Administration (GSA) and DoD have developed standards and 
recommendations that can be applicable to buildings leased by or used to support 
Federal Government agencies. These standards and recommendations are not 
required for non-Federal buildings; however, building owners can evaluate and 
select those standards that meet their specific needs and criteria.

A primary concern is the protection of buildings from explosive blast and CBR 
attacks. To protect against blast, the level of protection is dependent upon the 
type of construction and the blast pressures (stand-off distance). The amount of 
explosive and the resulting blast dictate the level of protection required to 
prevent a building from collapsing or minimizing injuries and deaths. Levels of 
protection can be found in GSA PBS-P100, Facilities Standards for the Public 
Buildings Service, November 2000, Section 8.6 and USAF Installation Force 
Protection Guide and DoD UFC-010-01. 

The DoD prescribes minimum stand-off distances based on the required level of 
protection. Where minimum stand-off distances are met, conventional construction 
techniques can be used with some modifications. In cases where the minimum 
stand-off cannot be achieved, the building must be hardened to achieve the 
required level of protection. The DHS and Interagency Security Committee (ISC) 
Security Criteria (GSA was formerly responsible for this Interagency Committee) 
do not require or mandate specific stand-off distances. Rather, they provide 
protection performance criteria. In order to economically meet these performance 
standards, they present recommended stand-off distances for vehicles that are 
parked on adjacent properties and for vehicles that are parked on the building 
site (see GSA Security Criteria, Draft Revision, October 8, 1997, and ISC 
Security Design Criteria for New Federal Office Buildings and Major 
Modernization Projects, May 28, 2001). Table 2-4 presents the levels of 
protection and the recommended security measures.


Table 2-4: Levels of Protection and Recommended Security Measures
(Source: U.S. Department of Justice, Vulnerability Assessment of Federal 
Facilities, June 28, 1995)

Table Column Descriptions: 
1. Level (Assignment of levels to be based on an “on-site” risk  
assessment/evaluation) 
2. Typical Location
3. Examples of Tenant Agencies (Examples of typical, but not limited to, tenant 
agencies for this level facility)
4. Security Measures (based on evaluation) 
--Level: I
--Typical Location: 10 Employees (Federal); 2,500 Square Feet; Low Volume Public 
Contact; and Small “Store Front” Type Operation.
--Examples of Tenant Agencies: Local Office; District Office; Visitor Center; 
USDA Office; Ranger Station; Commercial Facilities; Industrial/Manufacturing; 
and Health Care.
--Security Measure: High Security Locks; Intercom; Peep Hole (Wide View); 
Lighting with Emergency Backup Power; Controlled Utility Access; and Annual 
Employee Security Training.

--Level: II
--Typical Location: 11 - 150 Employees (Federal); 2,500 - 80,000 Square Feet; 
Moderate Volume Public Contact; and Routine Operations Similar to Private Sector 
and/or Facility Shared with Private Sector.
--Examples of Tenant Agencies: Public Officials; Park Headquarters; 
Regional/State Offices; Commercial Facilities; Industrial; Manufacturing; and 
Health Care. 
Security Measure: Entry Control Package with Closed Circuit Television (CCTV); 
Visitor Control/Screening; Shipping/Receiving Procedures; Guard/Patrol 
Assessment; Intrusion Detection with Central Monitoring; CCTV Surveillance (Pan-
Tilt, Zoom System); and Duress Alarm with Central Monitoring.
 
--Level: III
--Typical Location: 151 - 450 Employees (Federal); Multi-Story Facility; 80,000 
- 150,000 Square Feet; Moderate/High Volume Public Contact; and Agency Mix of 
Law Enforcement Operations, Court Functions, and Government Records.
--Examples of Tenant Agencies: Inspectors General; Criminal Investigations; 
Regional/State Offices; GSA Field Offices; Local Schools; Commercial Facilities; 
Industrial; Manufacturing; and Health Care. 
--Security Measures: Guard Patrol on Site; Visitor Control/Screening; 
Shipping/Receiving Procedures; Intrusion Detection with Central Monitoring; 
CCTV Surveillance (Pan-Tilt, Zoom System); and Duress Alarm with Central 
Monitoring.

--Level: IV
--Typical Location: more than 450 Employees (Federal); Multi-Story Facility; 
greater than 150,000 Square Feet; High Volume Public Contact; High-Risk Law 
Enforcement/Intelligence Agencies; and District Court. 
--Examples of Tenant Agencies: Significant Buildings and Some Headquarters; 
Federal Law Enforcement Agencies; Local Schools, Universities
Commercial Facilities; and Health Care.
--Security Measures: Extend Perimeter (Concrete/Steel Barriers); 24-Hour Guard 
Patrol; Adjacent Parking Control; Backup Power System; and Hardened Parking 
Barriers.

--Level: V
--Typical Location: Level IV Profile and Agency/Mission Critical to National 
Security
--Example of Tenant Agency: Principal Department Headquarters
--Security 
Measure: Agency-Specific


Establishing the levels of protection for CBR agents is more difficult to 
quantify because there are almost infinite agents and delivery modes that can be 
used and a CBR attack affects multiple systems. Protection against CBR attacks 
is focused on preventing agents from entering a building and using the building 
envelope and HVAC system to respond to an attack to isolate or contain an agent 
to as small a footprint as possible. 

For more information on explosive blast and CBR, you may consult DoD and GSA 
standards; the Building Vulnerability Assessment Checklist in Appendix A; FEMA 
426, Reference Manual to Mitigate Potential Terrorist Attacks Against Buildings; 
FEMA 427, Primer for Design of Commercial Buildings to Mitigate Terrorist 
Attacks; and the CDC guides for protection against CBR attack and filtration.


Determining the Asset Value Rating (Task 2.4)
After building core functions and building infrastructure are analyzed, a value 
should be assigned. Table 2-5 provides a scale for selecting  your asset value. 
The scale is a combination of a 7-level linguistic scale and a 10-point 
numerical scale (10 being the greater threat). To determine a value, you should 
keep in mind that asset value can be defined as the degree of debilitating 
impact that would be caused by the incapacity or destruction of the building’s 
assets. To determine a vulnerability rating, you should consider the 
consequences of the loss or damage of the building’s assets (e.g., loss of life, 
injuries, or total loss of primary services, core processes and functions). The 
key asset for every building is its people (e.g., employees, visitors, etc.) and 
they will always be assigned the highest asset value. Tables 2-6A and 2-6B 
display a nominal example applying these ratings for an urban multi-story 
building.

Table 2-5: Asset Value Scale
Asset Value: Very High
Score: 10
Description: Very High – Loss or damage of the building’s assets would have 
exceptionally grave consequences, such as extensive loss of life, widespread 
severe injuries, or total loss of primary services, core processes, and 
functions.

Asset Value: High
Score: 8-9
Description: High – Loss or damage of the building’s assets would have grave 
consequences, such as loss of life, severe injuries, loss of primary services, 
or major loss of core processes and functions for an extended period of time.

Asset Value: Medium High
Score: 7
Description: Medium High – Loss or damage of the building’s assets would have 
serious consequences, such as serious injuries or impairment of core processes 
and functions for an extended period of time.

Asset Value: Medium
Score: 5-6
Description: Medium – Loss or damage of the building’s assets would have 
moderate to serious consequences, such as injuries or impairment of core 
functions and processes.

Asset Value: Medium Low
Score: 4
Description: Medium Low – Loss or damage of the building’s assets would have 
moderate consequences, such as minor injuries or minor impairment of core 
functions and processes.

Asset Value: Low
Score: 2-3
Description: Low – Loss or damage of the building’s assets would have minor 
consequences or impact, such as a slight impact on core functions and processes 
for a short period of time.

Asset Value: Very Low
Score: 1
Description: Very Low – Loss or damage of the building’s assets would have 
negligible consequences or impact.


Table 2-6A: Nominal Example of Asset Value Rating for an Urban Multi-story 
Building (Building Function)

--Five terror threats (Cyber Attack; Vehicle Bomb; Suicide Bomber; Chemical 
(Sarin); and Biological (Ricin)) ranked for the following building functions: 
Administration	
Engineering	
Warehousing	
Data Center	
Food Service	
Security	
Housekeeping	
Day Care	


Table 2-6B: Nominal Example of Asset Value Rating for an Urban Multi-story 
Building (Building Infrastructure)

--Five terror threats (Infrastructure; Cyber Attack; Vehicle Bomb; Suicide 
Bomber; Chemical; and Biological) ranked for the following building 
infrastructure: 
Site	
Architectural	
Structural Systems	
Envelope Systems	
Utility Systems	
Mechanical Systems	
Plumbing and Gas Systems	
Electrical Systems	
Fire Alarm Systems	
IT/Communications Systems


The following additional references for blast are recommended:
U.S. Air Force, 1989, ESL-TR-87-57, Protective Construction Design Manual, 
Contact Airbus Technologies Division (AFRL/MLQ) at Tyndall Air Force Base, 
Florida, via e-mail to techinfo@afrl.af.mil. [Superseded by Army Technical 
Manual TM 5-855-1 (Air Force Pamphlet AFPAM 32-1147(I), Navy Manual NAVFAC P-
1080, DSWA Manual DAHSCWEMAN-97), December 1997]

U.S. Army Corps of Engineers, 1990, TM 5-1300, Structures to Resist Accidental 
Explosions, U.S. Army Corps of Engineers, Washington, D.C., (also Navy NAVFAC 
(Naval Facilities) P-397, Air Force Regulation 88-2); Contact David Hyde, U.S. 
Army Engineer Research and Development Center, 3909 Halls Ferry Road, Vicksburg, 
Mississippi 39180 or via e-mail to hyded@ex1.wes.army.mil

U.S. Department of Energy, 1992, DOE/TIC 11268, A Manual for the Prediction of 
Blast and Fragment Loadings on Structures, Southwest Research Institute, 
Albuquerque, New Mexico.

Technical Support Working Group, Terrorist Bomb Threat Stand-Off Card with 
Explanation of Use, Technical Support Working Group, Washington, D.C. 
http://www.tswg.gov/tswg/prods_pubs/newBTSCPress.htm

U.S. Department of the Treasury/Bureau of Alcohol, Tobacco and Firearms, 1999, 
Vehicle Bomb Explosion Hazard And Evacuation Distance Tables, Department of the 
Treasury, Washington, D.C. (Request in writing, address information available at 
http://www.atf.treas.gov/pub/fire-explo_pub/i54001.htm)

Federal Bureau of Investigation, 1999, Terrorism in the United States.

Department of Justice, Federal Bureau of Investigation, Counterterrorism 
Division, Washington, DC. http://www.fbi.gov/publications/terror/terror99.pdf

The U.S. Department of State, 2002, Patterns of Global Terrorism 2001.
Biggs, John M. Introduction to Structural Dynamics. McGraw-Hill. 1964.
The Institute of Structural Engineers. The Structural Engineer’s Response to 
Explosive Damage. SETO, Ltd., 11 Upper Belgrave Street, London SW1X8BH. 1995.

Mays, G.S. and Smith, P.D. Blast Effects on Buildings: Design of Buildings to 
Optimize Resistance to Blast Loading. Thomas Telford Publications, 1 Heron Quay, 
London E14 4JD. 1995.

National Research Council. Protecting Buildings from Bomb Damage. National 
Academy Press. 1995. 


WORKSHEET 2-1: ASSET VALUE 
Worksheet 2-1 can be used to complete your risk assessment and will be used in 
conjunction with Worksheets 4-1 and 4-2. It can be used to discuss asset value 
with building stakeholders and among the members of the Assessment Team. Asset 
value refers to a resource of value requiring protection. A scale (asset value) 
can be used to signify the protection that a particular asset merits. To fill 
out this table, analyze the impact of a particular threat to your site and/or 
building. Analyze core functions and building infrastructure components as 
indicated in Task 2.3. 

--Asset Value
Very High: 10
High: 8-9
Medium High: 7
Medium: 5-6
Medium Low: 4
Low: 2-3
Very Low: 1


--Function:
Administration
Engineering
Warehousing
Data Center
Food Service
Security
Housekeeping
Day Care
Other
Other

--Infrastructure:
Site
Architectural
Structural Systems
Envelope Systems
Utility Systems
Mechanical Systems
Plumbing and Gas Systems
Electrical Systems
Fire Alarm Systems
IT/Communications Systems



Step 3: Vulnerability Assessment

Overview
The third step in the assessment process is to prepare a vulnerability 
assessment of your assets that can be affected by a threat (see Figure 3-1). For 
this document, vulnerability is defined as any weakness that can be exploited by 
an aggressor to make an asset susceptible to hazard damage. A vulnerability 
assessment is an indepth analysis of the building functions, systems, and site 
characteristics to identify building weaknesses and lack of redundancy, and 
determine mitigations or corrective actions that can be designed or implemented 
to reduce the vulnerabilities. During this step, you will begin the analysis of 
your assets based on: a) the identified threat; b) the criticality of your 
assets: and c) the level of protection you may have chosen (i.e., your 
willingness or unwillingness to accept risk).  

The vulnerability assessment process involves the following tasks:
--Organizing resources to prepare the assessment
--Evaluating the site and building
--Preparing a vulnerability portfolio
--Determining the vulnerability rating

Figure 3-1: Steps and tasks
Step 3:  Vulnerability Assessment
TASKS:
3.1.  Organizing resources to prepare the assessment
3.2.  Evaluating the site and building
3.3.  Preparing a vulnerability portfolio
3.4.  Determining the vulnerability rating


Organizing Resources to Prepare the Assessment (Task 3.1)
An important task during Step 3 is organizing your resources to prepare the 
assessment. This involves determining the level of the assessment you wish to 
perform and the skills of the team necessary to conduct the assessment. 


Selecting the Assessment Team
The selection of the Assessment Team is probably the most critical task in the 
threat assessment process. An assessment has been found to be most effective 
when the Team is composed of senior individuals who have a breadth and depth of 
experience and understand other disciplines and system interdependencies. The 
Assessment Team leader will work with the building owner and stakeholders to:
--Determine the threat rating (Step 1)
--Determine the asset value and level of protection (Step 2)

The Assessment Team will coordinate the preparation of an assessment schedule, 
assessment agenda, and on-site visit assessments with the building stakeholders. 
It is important to emphasize that the Assessment Team should be composed of 
professionals capable of evaluating different parts of the buildings and 
familiar with engineering, architecture and site planning. Other members of the 
team may include law-enforcement agents, first responders, and building owners 
and managers.


Determining the Level of the Assessment 
The level of the assessment for a given building is dependent upon a number of 
factors such as type of building, location, type of construction, number of 
occupants, economic life, and other owner specific concerns and available 
economic resources. The levels of the assessment provided in this How-To Guide 
are similar to the FEMA 310 process and provide increasing tiers of assessments. 
The underlying purpose is to provide a variable scale to meet benefit/cost 
considerations for a given building that meets the intent and requirements of 
available antiterrorism guidelines such as the DoD Minimum Antiterrorism 
Standards and the GSA Interagency Security Criteria.

Tier 1.
A Tier 1 assessment is a screening phase that identifies the primary 
vulnerabilities and mitigation options, and is a “70 percent” assessment (see 
Table 3-1). A Tier 1 assessment can typically be conducted by one or two 
experienced assessment professionals in approximately 2 days with the building 
owner and key staff; it involves a “quick look” at the site perimeter, building, 
core functions, infrastructure, drawings, and plans. A Tier 1 assessment will 
likely be sufficient for the majority of commercial buildings and other non-
critical facilities and infrastructure. 

Tier 2.
A Tier 2 assessment is a full on-site evaluation by assessment specialists that 
provides a robust evaluation of system interdependencies, vulnerabilities, and 
mitigation options; it is a “90 percent” assessment solution (see Table 3-2). A 
Tier 2 assessment typically requires three to five assessment specialists, can 
be completed in 3 to 5 days, and requires significant key building staff 
participation (e.g., providing access to all site and building areas, systems, 
and infrastructure) and an indepth review of building design documents, 
drawings, and plans. A Tier 2 assessment is likely to be sufficient for most 
high-risk buildings such as iconic commercial buildings, government facilities, 
schools, hospitals, and other designated high value infrastructure assets. 

Tier 3.
A Tier 3 assessment is a detailed evaluation of the building using blast and 
weapons of mass destruction (WMD) models to determine building response, 
survivability, and recovery, and the development of mitigation options. A Tier 3 
assessment (see Table 3-3) typically involves engineering and scientific experts 
and requires detailed design information, including drawings and other building 
information. Modeling and analysis can often take several days or weeks and is 
typically performed for high value and critical infrastructure assets. The 
Assessment Team is not defined for this tier; however, it could be composed of 8 
to 12 people.

Table 3-1:  Tier 1 - Screening Phase
Task: Information Gathering and Review	
Building Type: Standard commercial office building
Team Composition: 1 Site and Architectural, and 1 Security Systems and 
Operations
Duration: 1 day
Activity: Review technical area and general site analysis

Task: On-site Evaluation
Building Type: Standard commercial office building
Team Composition: 1 Site and Architectural, and 1 Security Systems and 
Operations
Duration: 1 day per assessor	
Activity: 
--Complete the Critical Function and Critical Infrastructure matrices; perform a 
limited technical review using the Building Vulnerability Assessment Checklist; 
input site, vulnerability, and mitigation information into the database; write 
reports
--Prepare a verbal or PowerPoint presentation with key findings to review with 
building owners’ and stakeholders’ major findings  
--Receive input on the assessment process

Task: Develop Mitigation Options
Building Type: Standard commercial office building
Team Composition: 1 Site and Architectural, and 1 Security Systems and 
Operations
Duration: Typically 1 to 3 days per assessor	
Activity: 
--Prepare a Preliminary Report, including findings and feedback from 
stakeholders. This report should include concept and cost mitigation options.
--Prepare a written Final Report that lists the vulnerabilities, observations, 
and mitigation options.  Very rough order of magnitude cost estimates may be 
developed using standard unit costs for blast, CBR, and physical security 
infrastructure and equipment.
--Prepare a Vulnerability Portfolio with recommendations for incorporation into 
Emergency Operations, Disaster Recovery, and other plans or procedures


Table 3-2:  Tier 2 - Full On-site Evaluation
Task: Information Gathering and Review
Building Type: High-risk or iconic buildings; Commercial buildings, government 
facilities, schools, and hospitals; and Designated high asset value 
infrastructure
Team Composition: 1 Site and Architectural (recommended as Team leader) ; 1 
Structural and Building Envelope; 1 Mechanical, Electrical, and Power Systems 
and Site Utilities; 1 Landscape Architect; 1 IT and Telecommunications; and 1 
Security Systems and Operations.
Duration: 1 day per assessor
Activity: Review technical area and general site analysis collected during the 
Tier 1 assessment

Task: On-Site Evaluation
Building Type: High-risk or iconic buildings; Commercial buildings, government 
facilities, schools, and hospitals; and  Designated high asset value 
infrastructure
Team Composition: 1 Site and Architectural (recommended as Team leader) ; 1 
Structural and Building Envelope; 1 Mechanical, Electrical, and Power Systems 
and Site Utilities; 1 Landscape Architect; 1 IT and Telecommunications; and 1 
Security Systems and Operations.
Duration: 2 to 4 days per assessor
Activity: 
--Complete the Critical Function and Critical Infrastructure matrices; perform a 
limited technical review using the Building Vulnerability Assessment Checklist; 
input site, vulnerability, and mitigation information into the database; write 
reports
--Prepare a verbal or PowerPoint presentation with key findings to review with 
building owners’ and stakeholders’ major findings  
--Receive input on the assessment process

Task: Develop Mitigation Options
Building Type: High-risk or iconic buildings; Commercial buildings, government 
facilities, schools, and hospitals; and Designated high asset value 
infrastructure
Team Composition: 1 Site and Architectural (recommended as Team leader); 1 
Structural and Building Envelope; 1 Mechanical, Electrical, and Power Systems 
and Site Utilities; 1 Landscape Architect; 1 IT and Telecommunications; and 1 
Security Systems and Operations.
Duration: 1 to 3 days per assessor
Activity: 
--Prepare a Preliminary Report, including findings and feedback from 
stakeholders. This report should include concept and cost mitigation options.
--Prepare a written Final Report that lists the vulnerabilities, observations, 
and mitigation options.  Very rough order of magnitude cost estimates may be 
developed using standard unit costs for blast, CBR, and physical security 
infrastructure and equipment.
--Prepare a Vulnerability Portfolio with recommendations for incorporation into 
Emergency Operations, Disaster Recovery, and other plans or procedures


Table 3-3:  Tier 3 - Detailed Evaluation
Building Type: High value and critical infrastructure assets
Team Composition: 1 Site and Architectural - Team leader; 1 Structural and 
Building Envelope; 1 Mechanical, Electrical, and Power Systems and Site 
Utilities; 1 IT and Telecommunications Modeler; 1 Security Systems and 
Operations; 1 Explosive Blast Modeler; 1 CBR Modeler; 1 Cost Engineer; and 
1 Landscape Architect.
Activity: 
--A typical Tier 3 Assessment Team will use the results of the Tier 2 assessment 
and involve modeling and analysis of the building and related systems using 
advanced blast and WMD models and applications. Blast analysis will include 
structural progressive collapse, glazing, and effects of building hardening. CBR 
analysis should evaluate the effects of the agents released externally and 
internally to provide the dispersion, duration, and exposure of the building 
systems and occupants. The IT and Telecommunications Modeler should evaluate 
effects on all IT systems assuming cascading equipment failure and long-term 
access denial to critical equipment, data, and on-site administrative 
capability. 
--The Tier 3 assessment will provide detailed building response, survivability, 
and recovery information used to develop enhanced and accurate costing of 
mitigation options.


Evaluating the Site and Building (Task 3.2)
Understanding the type, nature, and geographic range of threats (Step 1) that 
can occur at your site or building, as well as the associated exposure of your 
assets (Step 2) is essential to conducting a vulnerability analysis. Each 
building, even if on the same campus or the same general area, can have 
different priority threats and hazards. A well-prepared risk manager must be 
aware of the types of threat and hazard events that can occur, the areas and 
resources most at risk, and the potential costs and losses that could accompany 
a threat or hazard event. 

To prepare an effective assessment, the following activities should take place:  
1.  Pre-Meeting and Preparation of a Schedule and Tentative Agenda. Before 
conducting the on-site building evaluation, a coordination meeting should take 
place. During this meeting, the type of assessment to be conducted, personnel 
availability, schedules, and outputs should be discussed in detail. In addition, 
firm timetables and an agenda for on-site visits should be discussed. The agenda 
schedule should include the sites to be evaluated and special areas to be 
protected. Worksheets 3-1 and 3-2 have been developed to aid in this process.

2.  On-Site Meeting(s). For each assessment, a preparation meeting will take 
place with key stakeholders. Upon arrival at the site or building, the Team 
should have an introduction meeting with key staff, review the available 
information, and review the vulnerability portfolio (Task 3.3). 
As a minimum, recommended building personnel attendees should include:
--Site or building owner
--Chief of engineering
--Chief of security
--Chief of IT
--Emergency manager

Other attendees may include:
--Union or employee representatives
--Local law enforcement, fire, and EMS representatives
--State or county representatives
--Local utility, telecommunications, and services (waste, security services, 
etc.)
--Administration, food services, laboratory, and other critical function 
representatives

For the assessment to be successful, building stakeholders should participate as 
key members, providing on-site access to all buildings and areas. In addition, 
they should participate in interviews, and provide comments on current strengths 
and weakness of plans and procedures, including facility access, personnel 
movement, operations and maintenance, and security alerts. 

3.  Windshield Tour(s). After the introduction meeting, the Assessment Team and 
stakeholders should conduct a “windshield” tour or walk-around of the key 
facilities. The Assessment Team may find areas that require special attention 
and feel the need to make adjustments to the assessment agenda (Worksheet 3-2).

4.  Assessment Background Information. After the on-site tour, the Assessment 
Team and stakeholders are ready to conduct the on-site assessment. Completing 
the matrices provided in this How-To Guide for conducting the threat assessment 
will take approximately 4 to 8 hours, using an interview and consensus approach 
around a table. During these discussions, the Team should prepare worksheets 
provided in Steps 1 and 2. 
They will determine:
--Threats that are a priority concern for your site, building, and related 
	infrastructure (Worksheets 1-1 and 1-2)
--The assets of  your area, building or site that can be affected by a threat 
(Worksheet 2-1)

5.  Review Key Documents. The Assessment Team will review or evaluate a number 
of plans, procedures, and policies. The list below provides some of the 
documents that need to be reviewed by the Team before conducting the assessment. 
How to gather this information is described in Steps 1 and 2.
--Prior vulnerability assessment data
--Emergency response and disaster recovery plans
--Security master plan (including detection/delay/assess)
--Security inspection results
--HazMat plans
--Policy and legal requirements
--Federal, State, and local law enforcement threat assessments
--Site plans of utility and communications systems
--Floor plans for all facilities identified as important (including those listed 
above)
--Floor plans and locations of modified and abandoned facilities
--Structural drawings of key facilities
--New project drawings for fences, security, and buildings
--Security system drawings
--Historical reports
--Local zoning ordinances
--Comprehensive plans
--Development plans
--Information on the facility systems operations capability 
--Information on agreements with the surrounding community and Federal agencies 
--Information on incidents within the building (i.e., misconduct information)
--Population statistics
--Manpower surveys
--Other documents determined by the Team to be important

6.  Review Emergency Procedures. The Assessment Team and building stakeholders 
should review the security master plan, and the engineering operations and 
maintenance, emergency operations, and disaster recovery plans to  understand 
the critical assets of the building and establish a baseline organization 
response and recovery capability in case of an attack or event. The impact of 
many vulnerabilities can be reduced or eliminated by simple changes in plans, 
policies, and procedures. As part of the screening phase review, the following 
areas should be considered:
--Emergency notification procedures
--Emergency evacuation procedures
--First responder access and routing
--Shelter-in-place procedures
--Designated shelter capacities and travel routes
--Off-site rally point and roll call
--Emergency engineering systems shutdown (HVAC, electrical, information 
technology (IT)/telecommunications)
--Portable protective equipment (indoor air filters, sampling kits, first aid)
--Personal protective equipment (PPE)
--Exercise of plans 

7.  Prepare the Assessment. Preparing the assessment can be as simple as a quick 
review and analysis of existing documents and a short walk around the site, or a 
more detailed in-depth review and analysis of the documents, plans, and other 
information and a thorough walk-through of the building, including utility 
spaces, basements, crawl spaces, attics, and vault (see Tables 3-1, 3-2, and 3-
3). The following are recommended when conducting the different types of 
assessments.  

For Tier 1 Screening Evaluation, the analysis should include, at a minimum: 
--Perimeter identification
--Vehicle and pedestrian entry access control points
--Security operations function
--EOC (or function)
--Primary point of entry of utilities and telecommunications
--Critical functions
--Critical infrastructure
--Key staff
--Off-site rally point and other Emergency Management procedures (PPE, mass 
notification, etc.)

For Tier 2 On-Site Evaluation, the analysis should include, at a minimum:
--Tier 1 information
--Detailed inspection and route tracing of primary utilities and 
telecommunications 
--Detailed review of HVAC system and operating parameters
--Detailed review of electric power and generator capacity (life safety, data 
centers, communications, etc.)
--Detailed review of structural and envelope system (column-beam connections, 
materials, clips, glazing)
--Detailed review of Security Master Plan, Emergency Management Plan, other 
related plans and Memorandums of Understanding (MOU) (Continuity of Operations 
[COOP], Continuity of Government [COG], Certified Emergency Management Plan 
[CEMP], etc.)

For Tier 3, Detailed Evaluation, the analysis should include, at a minimum:
--Tier 2 information
--Systems interdependencies on-site and off-site (utility vaults, communications 
central office trunks, transportation nodes, logistics, etc.)
--Advanced blast and CBR modeling of building and systems (structural damage, 
interior and exterior plume dispersion, safe haven areas)
--Advanced evacuation planning and routing to include test of mass notification 
system, training, and exercises
--Advanced disaster response and recovery planning in conjunction with neighbors 
and local government

8.  Data Gap Analysis. The Assessment Team may feel that the data gathered for 
on-site assessment are not enough. The Team should assess the following 
information:
--Do we know where the greatest damages may occur in the threat/hazard areas?
--Do we know whether critical facilities will be operational after a 
threat/hazard event?
--Are there enough data to determine which assets are subject to the greatest 
potential damages?
--Are there enough data to determine whether significant elements of the 
community are vulnerable to potential threats?
--Are there enough data to determine whether certain areas of historic, 
environmental, political, or cultural significance are vulnerable to potential 
threats?
--Is there concern about a particular threat because of its severity, frequency, 
or likelihood of occurrence?
--Are additional data needed to justify the expenditure of community or state 
funds for mitigation initiatives?

If the Team decides that more data will be beneficial to conduct the assessment, 
a determination should be made as to what type of data are needed and what 
resources are available for collecting new data. If stakeholders and the Team 
agree on collecting new data, the Team needs to prioritize areas for additional 
data collection.

 
Preparing a Vulnerability Portfolio (Task 3.3)
To carry out the assessment, the Team should have a vulnerability portfolio 
available. This portfolio should include the following:
--Assessment agenda (Worksheet 3-2)
--Assessment background information (to be collected by Assessment Team and 
building owners)
--Threats rating (Worksheets 1-1 and 1-2)
--Asset value ranking worksheet (Worksheet 2-1)
--Key documents (plans, procedures, and policies, see Task 3.2) 
--Emergency procedures (baseline organization response and recovery capability 
in case of an attack or event, see Task 3.2)	
--Building Vulnerability Assessment Checklist (Appendix A)
--Risk assessment matrices (Worksheets 4-1 and 4-2, described in Step 4)
--Prioritization of observations in the checklist (Worksheet 4-3)
--Risk Assessment Database (if assessment is going to be automated – see 
Appendix B)

The Building Vulnerability Assessment Checklist, the Pre-Assessment Screening 
Matrix, and the Risk Assessment Database are explained below. 


Building Vulnerability Assessment Checklist. 
Appendix A includes the Building Vulnerability Assessment Checklist, which 
compiles many best practices based on technologies and scientific research to 
consider during the design of a new building or renovation of an existing 
building. It allows a consistent security evaluation of designs at various 
levels. The Checklist is a key tool in the preparation of the threat assessment 
and a fundamental element of your vulnerability portfolio. When performing a 
walk-through of the facility to be assessed, the Team should use the Checklist 
as a screening tool for preparing the vulnerability assessment and make 
observations when reviewing the questions included in the Checklist.

The Checklist is organized into 13 sections. To conduct a vulnerability 
assessment of a building or preliminary design, each section of the Checklist 
should be assigned to an engineer, architect, or subject matter expert who is 
knowledgeable and qualified to perform an assessment of the assigned area. Each 
assessor should consider the questions and guidance provided to help identify 
vulnerabilities and document results in the observations column. The 
observations made during this Step will be prioritized during Step 4. The 
observations in the Checklist should be supplemented with photographs, if 
possible. 

Risk Assessment Database. 
To support the building assessment process, a simple and easy to use Risk 
Assessment Database application is provided with this manual (se