What Do You Know About Risk Mgmt Process in DOD Facilities?

This article is intended to provide readers, with the “rest of the story”, describing the risk management process for DOD facilities to complement an earlier piece on guidelines for federal buildings and the accompanying training classes.
This article is intended to provide readers, with the “rest of the story”, describing the risk management process for DOD facilities to complement an earlier piece on guidelines for federal buildings and the accompanying training classes.

By Doug Haines, Owner and CEO of Haines Security Solutions

In last month’s edition of American Security Today the lead article was about guidelines for federal buildings and the accompanying training classes, outlined in the Federal Facilities Risk Management Process: An Interagency Security Committee Standard used for addressing critical, threats, vulnerabilities and risks to all Federal facilities except those under the control of the Department of Defense (DOD).

This article is intended to provide readers, with the “rest of the story”, describing the risk management process for DOD facilities.

(Learn About the Nov 5th, 2009 Terrorist Attack on Fort Hood. The worst mass shooting in history, at a U.S. Military Base. Courtesy of For the Record, The Blaze and YouTube. Posted on Mar 13, 2014)

Within the DOD the risk management process is governed by Unified Facilities Criteria (UFC) 4-020-01, The DOD Security Engineering Facilities Planning Manual.

The UFCs are a series of guidelines published by the DOD that govern various aspects of building design and construction and run the gamut from runway construction to roof design.

They are divided into series or groupings based on subject matter.

The four series is dedicated to security issues.

BACKGROUND

The Unified Facilities Criteria (UFC) system is prescribed by MIL-STD 3007 and provides planning, design, construction, sustainment, restoration, and modernization criteria, and applies to the Military Departments, the Defense Agencies, and the DoD Field Activities in accordance with USD(AT&L) Memorandum dated 29 May 2002.

UFCs will be used for all DoD projects and work for other customers where appropriate.

Fort Hood Memorial
Fort Hood Memorial

All construction outside of the United States is also governed by Status of forces Agreements (SOFA), Host Nation Funded Construction Agreements (HNFA), and in some instances, Bilateral Infrastructure Agreements (BIA.)

Therefore, the acquisition team must ensure compliance with the more stringent of the UFC, the SOFA, the HNFA, and the BIA, as applicable.

UFCs are living documents and will be periodically reviewed, updated, and made available to users as part of the Services’ responsibility for providing technical criteria for military construction.

Headquarters, U.S. Army Corps of Engineers (HQUSACE), Naval Facilities Engineering Command (NAVFAC), and Air Force Civil Engineer Support Agency (AFCESA) are responsible for administration of the UFC system.

UFCs are effective upon issuance and are published and distributed solely in electronic format via the whole building design guide website at www.dod.wbdg.org.

Most of the UFCs have unlimited distribution and are available to the public.

Those with limited distribution have a statement on the front cover indicating restrictive access.

THE PROCESS AS OUTLINED IN THE PLANNING GUIDE

The building design process starts with establishing the design basis threat (DBT), like the Interagency Security Committee (ISC) Standard.

Without the DBT an agency cannot begin to understand the threats posed to the facility and therefore cannot adequately design a comprehensive security envelope for the facility.

The Guide is divided into a ten-step process.

Guide users simply follow the paragraphs in each chapter to fill in forms that accompany the narrative.

  • The first step identifies assessment team components.
  • The next step identifies types of assets to be evaluated.
  • The third step helps determine asset value (criticality).
  • Step four deals with aggressor likelihood.
  • Step five covers modus operandi or likely tools and tactics.
  • Step six combines the first five steps and begins to formulate an initial DBT.
  • Step seven determines the initial level of protection, while
  • Step eight determines planning risk levels.
  • Step nine deals with assessing risk level acceptability and
  • Step ten identifies any constraints that may be incurred by the user

VULNERABILITY ASSESSMENT AND RISK ANALYSIS TRAINING

Both the Federal Facilities Risk Management Process: An Interagency Security Committee Standard and the Unified Facilities Criteria (UFC) 4-020-01, The DOD Security Engineering Facilities Planning Manual are used in a 3-day course entitled Vulnerability Assessment and Risk Analysis Methodologies (VAR) which is conducted by Haines Security Solutions throughout the United States or wherever US troops are stationed overseas.

While, the Guide and Standard form the foundation of the course of instruction, other common methodologies, such as, the CARVER and MSHARPP methodologies are also covered.

The CARVER methodology was developed by US Special Forces during the Vietnam War to assess target feasibility for US Commanders, and therefore takes an adversary’s point of view.

MSHARPP on the other hand was developed during the 90’s and takes the view of the asset holder.

Both methodologies are acronyms for the categories that are evaluated:

  • CARVER (Criticality, Accessibility, Recognizability, Vulnerability, Effect on Population and Recoverability)
  • MSHARPP (Mission, Symbolism, History, Accessibility, Proximity and Population)

Additionally, two other methodologies are covered:

Critical Asset and Infrastructure Risk Analysis (CAIRA)
Critical Asset and Infrastructure Risk Analysis (CAIRA)

Asset Based Risk Analysis (ABRA) which received a Platinum Award for Best Government Security Risk Analysis Methodology in 2017 by Security Today magazine and Critical Asset and Infrastructure Risk Analysis (CAIRA).

While ABRA looks at the security posture of a facility, CAIRA addresses the facility’s supporting energy systems (electricity, natural gas, non-drinking water and steam).

Students use all four methodologies during the class and assess the physical security attributes of the training venue during practical exercises.

During the final group activity on the last day, students determine what elements make up criticality and develop their own formula for assessment and analysis.

PHYSICAL SECURITY ENGINEERING TRAINING AND CERTIFICATION PROGRAM (PSET&C)

The VAR class is a core curriculum for the award of the Physical Security Engineering designation.

Other courses forming the basis of the PSE award/designation are

  • Access Control Concepts and Entry Control Facility Design
  • Planning Electronic Security Systems for Buildings and Compounds
  • Designing Secure Buildings: Integrating Security Technologies/ UFC-Minimum Antiterrorism Standards for DOD Buildings

The PSE program differs from other accreditation programs in that applicants can receive credit (transferable) for academic studies they’ve received elsewhere in access control concepts, building design and construction, electronic security systems and risk analysis.

Also available are designations for applicants who have published whitepapers, magazine articles or written a book and have spoken at regional, national or international conferences.

Physical Security Engineering designations are available to any industry vertical involved in the building design process or mitigation strategy development; i.e., architects, emergency managers, engineers, facility managers, planners and security professionals.

The PSET&C was recognized by American Security Today for being the Best Homeland Security Education Program in 2017 with the award of a Platinum “ASTORS”.

INTERNATIONAL CENTERS OF SECURITY TRAINING EXCELLENCE

Haines Security Solutions (HSS) is part of a global network of International Training Centers of Security Excellence which provide training in a myriad of security disciplines.

The Haines Security Solutions training center is in Oxnard (River Park), California.  Other Centers are in Greenville, New York,  Hilversum, The Netherlands and Antalya, Turkey.

Each Center offers the same basic courses yet each specializes in one of several security verticals.

At the River Park facility they focus on teaching building design and risk analysis strategies.

Tactics for patrolman and SWAT at taught by former police officers at the Greenville training center, where a firing range and mock-up urban environment are on-site.

And, in Antalya and Hilversum the ITCSE facilities maintain curriculums geared towards fashion retail, hospitality (hotel and nightclubs), and port security guard activities and executive protection.

More information about the risk management process, the regulations covered in this article, other training classes, PSET&C or how you can join the International Training Centers of Security Excellence team can be obtained by contacting 805 509-8655 or info@hainessecuritysolutions or visiting https://hainessecuritysolutions.com .

BENEFITS INCLUDE:

  • Enables students to bring projects they are working on to class for peer review and discussion, long with instructor subject matter expertise input
  • Fosters the interdisciplinary discussion between those involved in developing mitigation strategies and building design
  • Provides networking opportunities with other disciplines (architects, engineers, planners and security professionals)
  • Learning basic and advanced security philosophies and how to apply them to relevant in-class case studies for new construction and renovation projects
  • Receive credits towards a designation that is recognized worldwide

STUDENT COMMENTS

  • I felt like I had a personal tutor. I keep in touch with my instructor and she continues to provide valuable insight with other projects I’m working on. – A.Anderson, DHS Security Officer
  • The fact that the instructors are career veterans in the subject matter they are teaching, adds practical experience to the theoretical part of the instruction. – K.Johnson, DOD Emergency Manager
  • I brought an entry control project to class. Being able to talk through solutions with my fellow students really helped when presenting my solutions to my higher-ups. C.Esposito, Engineer
  • Interpreting often conflicting government guidelines and providing practical solutions was a plus. F.Young, Architect
  • I especially liked the interaction during the case studies/student exercises., A.Lee, National Park Service Security Officer

About the Author:

Doug Haines, Owner of Haines Security Solutions
Doug Haines, Owner of Haines Security Solutions

Doug Haines is the owner and CEO of Haines Security Solutions (HSS), in Ventura, California.

He’s widely respected and sought after for his subject matter expertise in developing building design strategies.

Doug was recognized as the Security Industry Associations’ (SIA) Sandra Jones Volunteer of the Year 2016 for helping shape the Associates of Applied Science Degree Program in Security Systems Technology at Mercer County Community College.

Whether lecturing in academia or at a security industry forum, he’s an impassioned speaker and likes sharing.  He routinely contributes to security publications world-wide.

His company’s Risk Analysis methodology was selected as the Platinum GOVIES 2017 Award winner by Security Today.

Doug Haines, accepting the award for 'Excellence in Homeland Security' in the 2017 ‘ASTORS’ Homeland Security Awards Program at ISC East
Doug Haines, accepting the award for ‘Excellence in Homeland Security’ in the 2017 ‘ASTORS’ Homeland Security Awards Program at ISC East

Doug has been recognized for ‘Excellence in Homeland Security’ in the 2017 ‘ASTORS’ Homeland Security Awards Program at ISC East, which was held in the Jacob Javits Convention Center on November 15th.

Additionally, Haines Security Solutions Physical Security Engineering Training & Certificationtook the Platinum ‘ASTORS’ Award Winner for Best Homeland Security Education.

Doug is a United States Air Force Veteran with over 45 years of Law Enforcement and Security Related Experience, and a Subject Matter Expert in Building Design Principles for Architects, Engineers, Facility Managers, Planners and Security Professionals.

Haines Takes Two Platinum in 2017 ‘ASTORS’ Homeland Security Awards Program

astor plat 2017 cut for announcement

  • Doug Haines, CEO of Haines Security Solutions

    • United States Air Force Veteran with over 45 years of Law Enforcement and Security Related Experience
    • Subject Matter Expert in Building Design Principles for Architects, Engineers, Facility Managers, Planners and Security Professionals.
    • Excellence in Homeland Security

astor plat 2017 cut for announcement

  • Haines Security Solutions

    • Platinum ‘ASTORS’ Award Winner
    • Physical Security Engineering Training & Certification
    • Best Homeland Security Education

2017 ASTORS

AST focuses on Homeland Security and Public Safety Breaking News, the Newest Initiatives and Hottest Technologies in Physical & IT Security, essential to meeting today’s growing security challenges.

The Annual ‘ASTORS’ Homeland Security Awards Program, is organized to recognize the most distinguished vendors of Physical, IT, Port Security, Law Enforcement, Border Security, First Responders, (Fire, EMT, Military, Support Services Vets, SBA, Medical Tech) as well as the Federal, State, County and Municipal Government Agencies – to acknowledge their outstanding efforts to ‘Keep our Nation Secure, One City at a Time.’

To Learn More about the ‘ASTORS’ Homeland Security Awards Program, see 2017 ‘ASTORS’ Homeland Security Award Winners Honored at ISC East.

Over 100 distinguished guests from National, State and Local Governments, and Industry Leading Corporate Executives from companies allied to Government, gathered from across North America and the Middle East to be honored from disciplines across the Security Industry in their respective fields which included representatives from:

2018 ASTORS

  • The Department of Homeland Security
  • The Department of Justice
  • The Security Exchange Commission
  • State and Municipal Law Enforcement Agencies
  • Leaders in Private Security

Recognized for their Innovative Training and Education Programs, Outstanding Product Development Achievements and Exciting New Technologies to address the growing Homeland Security Threats our Nation is facing.

Nominations are now being accepted for the 2018 ‘ASTORS’ Homeland Security Awards at https://americansecuritytoday.com/ast-awards/.

American Security Today will be holding the 2018 ‘ASTORS’ Awards Presentation Luncheon to honor Nominees, Finalists and Winners on Wednesday, November 14, 2018 at ISC East 2018 in New York City.

(Learn More about Haines Security Physical Security Engineering Training and Certification Program (PSET&C), courtesy of Haines Security and YouTube)

For ‘ASTORS’ Sponsorship Opportunities and More Information on the AST 2018 ‘ASTORS’ Homeland Security Awards Program, please contact Michael Madsen, AST Publisher at: mmadsen@americansecuritytoday.com or call 732.233.8119 (mobile) or 646-450-6027 (office).

Learn More…

Is Your Federal Facility In Compliance with Executive Order 12977