Critical Infrastructure Security and Resilience Risk Management Process (CISR-RMP)
When it comes to achieving community resilience (the ability to withstand or bounce back quickly following major disruptions), ensuring that critical infrastructures have continuity of service—especially water, energy, transportation and communications lifelines; emergency services; and local governance— is crucial. Each of these systems is essential, yet they are also interdependent, so it is imperative to identify and address shared vulnerabilities.
In 2013, President Obama issued Presidential Policy Directive 21, which focuses on critical infrastructure security and resilience (CISR). The Directive and the subsequent National Infrastructure Protection Plan (NIPP) 2013: Partnering for Critical Infrastructure Security and Resilience, emphasize the individual and collective responsibilities of critical infrastructure owners, state and local governments, as well as metropolitan public-private partnerships, to advance CISR. Over the years, a variety of public and private entities at the global, national and local levels have recognized the need for competent risk and vulnerability analysis to address functions within their operations, and their critical infrastructure in particular. Yet, to date, nearly all attempts to tackle this issue have focused on narrowly defined, sector- or agency-specific responsibilities.
In 2014, the Institute began working on a Critical Infrastructure Security and Resilience Risk Management Process (CISR-RMP) to design a business process to help multiple stakeholders manage their own risks, resolve issues across interdependencies and support the ability to aggregate risk for community-wide benefit/cost analysis. To resolve issues that arise from infrastructure interdependencies requires a degree of consistency and comparability across individual local infrastructure systems to consider a “system of systems,” usually on a metropolitan scale. Data must be consistent and comparable within each system in order to understand and analyze how each entity allocates scarce budgets and human resources to reduce risk and/or enhance resilience. To be effective long-term, these risk/resilience analytic methods must become fully integrated into the asset management and planning/budgeting business processes of each relevant entity.
Sponsored by the U.S. Department of Homeland Security Office of Infrastructure Protection, the CISR-RMP project builds on an approach already tested in a number of U.S. infrastructures and a U.S. metropolitan area. That test, which used an American National Standard, underscored the value of a durable business process that yields valid, consistent and comparable metrics of risk, resilience, costs and benefits within and across sectors to support single-system and metropolitan-level decisions. While the overall method and individual elements proved feasible in that test, the modeling of interdependencies required further refinement. The CISR-RMP project builds on that history to assess whether such a process is feasible and practical for nation-wide use.
The CISR-RMP project will characterize the current business processes used by critical system owners for managing their risk and resilience; evaluate whether the output of these processes is sufficiently consistent to support single-system and system-of-systems resource allocation decision-making; review tools sponsored by federal government agencies involved in lifeline infrastructures for design elements; and design a high-level business process manage risk to advance infrastructure and regional security and resilience. In addition, the project team will describe a proven approach for motivating and organizing appropriate public-private secure information sharing and collaboration; and sketch an outline of R&D projects (including field developmental pilots) to refine and prepare for broad-scale application.
The CISR-RMP project team will document current risk/resilience analysis methods; define design objectives and constraints for a common business process; describe a CISR business process that could be integrated into the routine business processes of the lifeline infrastructures, local governments and metropolitan public-private partnerships; and outline the next steps through projects and pilot tests to advance the CISR business process toward wide-spread use.
CISR-RMP Project Contact:
Ryan M. Colker, JD, Director, Consultative Council, Presidential Advisor, National Institute of Building Sciences
High Performance-Based Design for Buildings
When it comes to planning a high-performance building, blast resistance is not usually the first goal that comes to mind. Yet heightened security is a priority many building owners are increasingly requiring in new and renovation construction projects, along with other high-performance goals such as safety, energy efficiency, sustainability and functionality. The U.S. Department of Homeland Security (DHS) continues to work with the National Institute of Building Sciences on the project, High-Performance Based Design for Buildings (HPBD), to help building owners evaluate total building performance—including security when planning a renovation or new building project.
The goal of the DHS HPBD project is to develop a modeling tool for planning high-performance buildings that incorporates a multi-hazard approach. The project continues the work begun in 2010 on Phase 1 that focused on the enclosure/envelope for office buildings. The enclosure, often the first line of defense against attack, and also increasingly called on to address energy conservation and sustainability, remains an important focus of the project. In its second phase, the project has expanded to cover the primary building systems for structural, mechanical and electrical to allow for an assessment of the critical components of a whole building design. The tool uses demands, high-performance requirements, metrics, benchmarks and verification/validation methods to help establish the owner’s project performance requirements. Establishing clear performance requirements, a first step in the building commissioning process, can help ensure that blast resistance; ballistic; chemical, biological and radiological (CBR) protection; and other building performance objectives such as thermal resistance, energy utilization, environmental impact and durability are incorporated into building design for enclosures and other key building systems.
The HPBD project supports the DHS Science and Technology Directorate (S&T) Infrastructure Protection and Disaster Management Division's (IDD) goal to ensure that building owners have a means to incorporate high-performance goals for blast, ballistic and CBR protection into their building programs. The program builds on work that the Institute and its High Performance Building Council (HPBC) have been pursuing for many years. The HPBC has defined high-performance buildings as the integration and optimization on a life-cycle basis of all major high-performance attributes, including energy conservation, environment, safety, security, durability, accessibility, cost-benefit, productivity, sustainability, functionality and operational considerations. Legislators incorporated this definition into the Energy Independence and Security Act (EISA) of 2007.
The project approach relies on technical experts in architectural, fenestration, structural, mechanical and electrical systems to identify high-performance requirements, metrics and results that integrate resistance of multi-hazards and demands with all relevant attributes of performance. A detailed report, High Performance Based Design for Building Enclosures, that documents the work by the team on Phase 1 of the project, is available for review and comment.
An automated tool that uses the information developed by the technical experts to establish Owner's Project Performance Requirements (OPR) for a project is also available in a beta version for use at www.oprtool.org.
The OPR tool helps a building owner establish high-performance targets for new
and renovation projects that take into account all aspects of enclosure performance.
Comments on the use of the tool are welcome and will be incorporated into the
whole building version currently under development.
Integrated Rapid Visual Screening Series (IRVS) for Buildings, Mass Transit Stations, Tunnels and Airports
The Integrated Rapid Visual Screening (IRVS) is a quick and simple process developed by the U.S. Department of Homeland Security (DHS) Science & Technology Directorate (S&T) to provide guidance on risk assessment and mitigation against multi-hazard events as part of its Building Infrastructure and Protections Series (BIPS). The Institute is supporting DHS S&T with ongoing efforts to expand coverage of facility types and gain adoption and use of the family of IRVS manuals and tools by government and the private sector.
IRVS is designed to determine initial or relative risk and resilience for facilities based on visual inspection only. It is currently available in versions for Buildings, Mass Transit Stations and Tunnels. The process followed for each facility type is presented in a manual. The knowledge for calculating both risk and resilience is embedded in a computerized IRVS tool. Major interactions are automatically calculated in the tool by pre-assigned weights, interaction logic, and context-sensitive algorithms based on knowledge and tool validations. Risk is based primarily in target attractiveness (for manmade hazards). For natural hazards, it uses probability of occurrence. Risk is a product of consequences multiplied by threats multiplied by vulnerabilities. Resilience is computed from a combination of robustness, resourcefulness, and recovery factors based on information such as hardening, training, and redundancies. Information obtained from the IRVS analysis can be used by law enforcement agencies, emergency managers, facility managers, engineers and architects to support higher-level assessments and mitigation measures.
- The Buildings manual and software tool categorizes 15 building types and addresses 20 hazardous events: internal (intrusion, blast and CBR); external blast and external chemical, biological, and radiological releases from 100, 300 and 1,000 feet; earthquakes (ground shaking and ground failure; floods (still water and velocity surge); wind (hurricane, tornado, and other wind events); landslide (rainfall and earthquakes); and fire (resulting from earthquakes, blast, or arson. View and download the Buildings Manual (BIPS 04) and Software Package at www.dhs.gov/bips.
- The Mass Transit Station manual and software tool address heavy rail, light rail, commuter rail, trolleys, and buses. Assessment is based on features that can be observed during a rapid visual inspection. View and download the Mass Transit Station Manual (BIPS 02) and Software Package at www.dhs.gov/bips.
- The Tunnel manual and software tool determines initial or relative risk and resilience of a tunnel, defined as a passageway through or under an obstruction, such as a city, mountain, river, or harbor, assessment is based on features that can be observed during a visual inspection. View and download the Tunnels Manual (BIPS 03) and Software Package at www.dhs.gov/bips.
An Airport manual and software tool version are under development currently and will be available in the near future.
IRVS Software Highlights:
The software for the IRVS family of tools is now digital and includes integrated capabilities for mass transit, tunnels, and buildings in one software package. This facilitates data collection and functions as an effective data management tool. Assessors can use the software on a PC, tablet or laptop to systematically collect, store, and report screening data. The software can be used during all phases of the IRVS process (pre-field, field, and post-field).
- Digital catalogue and forms
- Field data collection and storage
- Automatic risk scoring
- Printable reports
- Google Earth application
View the IRVS Demonstration Video