Pick three locations, events or individuals in your location (county, city or state) and complete a 6 – 8 page assessment of their vulnerabilities and threats, putting their security in order of priority, explaining and defending your choices.
Terrorism vulnerability assessments were created to criticize any “Achilles’ heel” in a security system that can be exploited by anyone willing to do harm to the location, an individual, or coordinated event. It assesses the weaknesses of facilities across a wide range of possible threats or hazards and creates a basis for determining physical and operational improvement measures to assure their protection. It administers both to new construction programming and design and to existing site management and restorations over the service life of a structure.
The helpful outcome of a vulnerability assessment is the task of a vulnerability rating of all appropriate aspects of building operations and systems to the clear threats for the specific facility. As with safeguard priority and threat ratings, any vulnerability can be either set as high, medium or low. High Vulnerability: One or more significant weaknesses have been identified that make the facility highly susceptible to an attack. Medium Vulnerability: A weakness has been identified that makes the facility somewhat susceptible to a terrorist or hazard; and finally Low Vulnerability: A minor weakness has been identified that slightly increases the susceptibility of the facility to a terrorist or hazard. (Baker, 2005)
Many institutions have undergone a workplace risk, threat and vulnerability assessments in the past to maintain their systems and businesses open and secure for the public. Although there are multiple different commercial and government methodologies in use today, there is currently no single reference that defines what vulnerability assessment methodology, otherwise known as “VAM”, is most suitable for specific types of assets in the neighborhood. Examples of systems for which vulnerability assessments are performed include information technology systems, transportation systems, communication systems, energy supply systems, and even water supply systems.
Such assessments may be conducted on behalf of a range of different organizations, from small businesses up to large regional infrastructures. Vulnerability from the standpoint of disaster management means assessing the threats from potential hazards to the public and to infrastructure. (U.S. DHS/ODP, 2003) Using the Vulnerability Assessment Methodology we will assess the following locations and/or events:
Location #1: Newark Liberty International Airport
Newark Airport may be known for being the departure airport of United Airlines flight 93, which was destined to arrive at San Francisco International Airport, prior to it being hijacked as part of the September 11th attacks. Newark Airport has since tightened security with the heightened presence of the Port Authority Police Department, Third party security companies i.e. FJC, and Department of Homeland Security staff, which includes the Transportation Security Administration, U.S. Customs & Border Protection, and U.S. Immigration & Customs Enforcement. However, with all new security measures and precautions, one major vulnerability is over looked, the airline ramp employees. Ramp employees have full access to secure areas based on their job criteria, whether it being driving a tug of checked luggage from one gate to another or guided a 747 into it’s arrival gate. The issue with this is that they can move freely, unsupervised throughout the airport, they can gain access to secure doors; they can access stairways leading into the terminals, and have full access to the planes themselves. To make matters worse due to lack of supervision the employees can access these areas even if they are off the clock. This is a great weakness, especially for an international airport with a history of being involved in a terrorist attack. Who is to say that an employee can and never will be involved in a threat to Newark Airport’s security?
With security being the main priority this issue can be alleviated by as simply as having a system that will inform the security guard at an entry post whether or not the employee attempting to gain access to a secured area is supposed to be there or not, this new security system can be linked to the employer’s work schedules and should also show the employee’s level of access, based on Port Authority’s identification cards. The system will only show security basic information and will not in any way infringe on the employee’s privacy, for example the system cannot access the employee’s personal information; such as address or personal history. If a system such as this cannot be put into place then it will solely come down to either the security guard contacting the employer or the employer disseminating a list of it’s employees for the day to guard posts through the airport.
Location #2: Salem Nuclear Power Plant
The Salem Nuclear Power Plant is a two unit pressurized water reactor nuclear power station located in Lower Alloways Creek Township, New Jersey, in the United States. PSEG Nuclear LLC and Exelon Generation LLC own it. The reactors, pressurized water reactors, were built by Westinghouse, and began commercial operation in 1977 and 1981. The two-unit plant has a capacity of 2,275 million watts of electricity. Unit 1 is licensed to operate until August 13, 2036 and Unit 2 is licensed to operate until April 18, 2040. Nuclear power plants have long been recognized as potential targets of terrorist attacks, and the public has long questioned the adequacy of the measures required of nuclear plant operators to defend against such attacks. In order to be prepared the plant should have access to the protected area is restricted to a portion of plant employees and monitored visitors, with stringent access barriers. The vital area is further restricted, with additional barriers and access requirements. The security must comply with Nuclear Regulatory Commission requirements on pre-hiring investigations and training.
Once hired, the plant’s security should perform exercises and be trained in defensive strategies against a possible attack, by doing so the security team should know how to protect against the theft of nuclear material, be able to defend against an attack from one or more teams and defend from multiple access points, investigate possible threats from an employee, and lastly have a plan against a vehicle based attack. These exercises should be monitored in order to spot possible areas for improvement, for example the exercises can have an attack team from outside the plant attempting to breach the plant’s vital area and damage key safety mechanism. Security defensive teams participating in the controlled exercises can possibly carry weapons modified to fire paint cartridges or only blanks and laser bursts to simulate bullets, and they wear laser sensors to show hits. Other weapons and explosives, as well as destruction or breaching of physical security barriers, can also be replicated. While one team of the plant’s security staff is participating in the exercise, another team can remain on duty to keep up normal plant security. Plant defenders would know that a mock attack will take place sometime during a specific period of several hours, but they would not know what the attack scenario would be. (U.S. nuclear regulatory commission, 2011)
Location #3: Holland Tunnel
The Holland Tunnel is a highway tunnel under the Hudson River connecting the island of Manhattan in New York City with Jersey City, New Jersey. Following the September 11, 2001, terrorist attacks on the World Trade Center; the tunnel remained closed to all but emergency traffic for nearly a month. When it reopened on October 15, 2001, strict new regulations were enacted banning single-occupant vehicles and trucks from entering the tunnel. The tunnel should considered to be one of the most high-risk terrorist target sites in the United States based on it being a source of revenue, a transportation network, an evacuation route, and because the public will also exposed to the planned attack. While assessing the Holland Tunnel’s vulnerabilities one would have to consider how the attack would take place, how can security respond to the attack, and the publicity factor for the attacking group that would come with it? The list of threat possibilities when evaluating the tunnel is staggering, for example the Holland Tunnel can be exposed to explosives being carried by a car or truck, biological agents can be released into the tunnel’s ventilation system, and the tunnel can also be an intentionally hit by a passing ship that has been hijacked; with all of the vulnerabilities security should be definitely be increased. By doing so there should be more patrolling police vehicles because the first step in protection is police presence, emergency telephones will be installed in order to report suspicious activity or incidents, and a closed circuit television system will be set up where it’s coverage cannot be avoided. After the increase in security measures an emergency plan should be put into place, this can be based off of FEMA guidelines. There will be a coordinated response among different first responders, this plan is also to include procedures for rapid debris removal, evacuation procedures, and plan designed for countermeasures for dealing with bomb threats or any suspicious objects found in the tunnel. Information about the tunnel should be controlled by having a team review and sanitize websites for potential information that may be beneficial to terrorists; however, removal of data from websites must be balanced with the need for information sharing. For example, information about the tunnel can be very useful for identifying weaknesses and planning an attack, but general design guidelines and “standard” plans generally provide information that is not directly beneficial to terrorists. We can establish a classification system for sensitive information. Apply procedures for the control of sensitive information, including document classification, tracking the distribution of design information to contractors, and disposal of sensitive materials. Lastly, create “need-to-know basis” procedures for the release of vulnerabilities, security measures, emergency response plans, or structural details. (McFadden & Dao, 2004)
* A Method to Assess the Vulnerability of US Chemical Facilities. National Institute of Justice Special Report (November 2002) * George H. Baker. (2005). A Vulnerability Assessment Methodology for Critical Infrastructure Sites. DHS Symposium: R&D Partnerships in Homeland Security. Boston, Massachusetts. * McFadden, Robert D. & Dao, James. August 3, 2004. THREATS AND RESPONSES: THE OVERVIEW; At 5 Buildings, A Day of Pluck And Patience. The New York Times. * US Department of Energy. (2002). Vulnerability Assessment Methodology, Electric Power Infrastructure. * U.S. DHS/ODP. Vulnerability Assessment Methodologies Report. (July 2003). * U.S. nuclear regulatory commission. (2011, February 04). Retrieved from http://www.nrc.gov/reading-rm/doc-collections/fact-sheets/emerg-plan-prep-nuc-power-bg.html