RBPS Guidance – RBPS #1 Restrict Area Perimeter

This is another in a series of blog postings that will provide a close-up look at the RBPS Guidance document. DHS recently released this document to assist high-risk chemical facilities in meeting the risk-based performance standards required for site security plans under 6 CFR §27.230. The other blogs in the series were the: Risk-Based Performance Standards Guidance Document RBPS Guidance – Getting Started In this posting will cover the first Risk-Based Performance Standard (RBPS), Restrict Area Perimeter. Almost the entire written portion of this RBPS remains unchanged from the Draft Guidance document. The only significant differences will be found in the Metrics, but even those changes are more cosmetic than effective. There is a great deal of overlap between this standard and RBPS 2 (Secure Site Assets), RBPS 3 (Screen and Control Access), RBPS 4 (Deter, Detect and Delay), and RBPS 10 (Monitoring). Anyone that is interested in really understanding how to fulfill the requirements of this standard needs to read those standards as well. Perimeter vs Asset Security One of the first things that a facility security manager is going to have to decide in developing a site security plan is how much of the facility footprint is going to be included in the security perimeter. While the first assumption that everything within the ‘fence line’ will be secured, many factors will go into that decision. The size of the facility, the COI to be protected and the facility terrain are all factors that must be considered. The one consideration that argues for the largest possible security perimeter is the need to provide the greatest amount of time for a security response to be mounted. This is illustrated in the Guidance document in Figure 1 on page 23. This shows how much more time the security force has to respond when the attack is detected at the facility perimeter. This is especially important when a facility relies on local law enforcement for the armed component of its response. One option for facilities with extremely large perimeters that is not adequately discussed in the Guidance document is for the facility to rely more on detection than barriers at the extreme limits of the perimeter. While this does little to stop accidental or incidental perimeter penetrations it does provide for the critical response time. It can result in more false alarms, especially if there is a lot of off-road traffic in the area. Security Measures The Guidance document notes that there are typically four types of security measures that are used to protect the facility perimeter. They are:

Perimeter barriers, Intrusion detection systems or other types of monitoring, Lighting, and Protective forces

The major point made here (and elsewhere in the RBPS Guidance document) is that there is no single security tool or method that will adequate protection of the facility. A carefully considered combination of techniques using a ‘layered approach’ will usually be the most successful way to prevent successful terrorist attacks on high-risk chemical facilities. What most people with out extensive security training fail to realize is exactly how ineffective most barriers are to determined intruders. The ubiquitous chain-link fence is very easy to go over or through. That is not to say that barriers have little use in a security plan. Security planners just need to insure that barriers are under some form of observation. The importance of lighting at the facility perimeter is often overlooked. Adequate lighting not only aids in monitoring the perimeter, but it also acts as an important psychological barrier because it removes the protective cloak of darkness. Facilities with long and remote perimeters will find adequate lighting to be expensive to install and maintain, but the alternative is to use more expensive observation techniques that can operate in low ambient light levels. RBPS Metrics I still have a minor problem with the use of the term “Metrics”. This implies measurements to standards. These metrics do not actually allow ‘measurement’ because Congress prohibited DHS from specifying any security measures in their approval of Site Security Plans. To be fair, I’m not sure what word I would have used in place of ‘Metrics’ so I guess I shouldn’t complain. I am more concerned with the fact that there are terms and concepts used in the metrics to describe ‘potential’ security measures that are not discussed in the body of the RBPS chapter. Metric 1.1 mentions the use of ‘clear zones’ but there is nothing to describe what those are, how they are used, or considerations in their employment. Similarly Metric 1.3 suggests the use of ‘standoff distance’ to mitigate the effect of VBIED, but there is no discussion of how to effect that standoff and how much standoff might be necessary. Then there is no discussion of how standoff is used to protect against direct fire weapons like rocket propelled grenades. Appendix C There are additional details in Appendix C about the various security measures described in the RBPS. The discussion of barriers is especially good, though it is no where near good enough to make one an expert on barrier technology. The information in Appendix C that will probably be most valuable is the list of references at the end of each discussion.