By Er. Dr. Ang Choon Keat
Prostruct Consulting Pte Ltd
Manmade and natural disasters can cause serious damages and disruption to infrastructures and businesses.
The Oklahoma City Bombing on 19 April 1995 led to the progressive collapse of the Alfred P. Murrah Federal Building (Linenthal, 2020) and subsequent cessation of all operations. The explosion of 2,750 tons of ammonium nitrate at the port of Beirut, Lebanon on 4 Aug 2020 killed at least 160, wounded 6,000 and displaced 300,000 people from their homes (Reid, 2020). Buildings in a 10 km radius were reported to be damaged (Balkiz, Qiblawi, & Wedeman, 2020). The recent COVID-19 pandemic has caused major disruptions to businesses and the way we work, live and play.
Singapore Deputy Prime Minister Heng Swee Kiat has highlighted the importance of a resilient economy in the post COVID-19 world (The Straits Times, 2020). All businesses should consider the resilience of their infrastructure and incorporate the relevant physical measures and institute operational preparedness, to mitigate against possible disruptions to ensure business continuity.
What is Infrastructure Resilience?
The National Infrastructure Advisory Council (NIAC) in the United States defines Infrastructure Resilience as the ability to reduce the magnitude and/or duration of disruptive events. The effectiveness of a resilient infrastructure or enterprise depends upon its ability to anticipate, absorb, adapt to, and/or rapidly recover from a potentially disruptive event. Similarly, the Resilient Design Institute defines Resilience as the capacity to adapt to changing conditions and to maintain or regain functionality and vitality in the face of stress or disturbance. It is the capacity to bounce back after a disturbance or interruption.
For example, the England Emergency Preparedness, Resilience and Response (EPRR) Framework (2015) outlines the requirements for the National Health Service (NHS) to prepare for emergencies, to have flexible arrangements which can be scalable and adaptable to work in a wide range of scenarios. EPRR aims to ensure that plans are in place to ensure resilience, allowing the community, services, area or infrastructure to detect, prevent, withstand, handle and recover from disruptive challenges (NHS England National EPRR Unit, 2015).
Achieving Infrastructure Resilience
The National Institute of Building Science (2018) in the United States presented four Infrastructure Resilience principles to minimize the disruption to building operations caused by any undesired event and the time taken to return to 100% operability:
Robustness – The ability to maintain critical operations and functions in the face of crisis. The building, its critical and supporting systems can be designed to minimize disruptions.
Redundancy – Backup capabilities are able to provide critical functions when primary sources have failed, reducing the down time of critical functions and their impact to building operations.
Resourcefulness – The ability to prepare for, respond to and manage an ongoing crisis or disruption. It includes effective communication of decisions made, business continuity planning, supply chain management, security and resilience management systems. These contingency measures are to prioritize courses of action to control and mitigate damage and should be adaptable to ensure effectiveness in various scenarios.
Recovery – The ability to return to normal operations as quickly and efficiently as possible after a disruption through the deployment of the right resources to the right places.
The United States National Infrastructure Protection Plan (NIPP): Partnering for Critical Infrastructure Security and Resilience (NIPP, 2013) provides guidance to the critical infrastructure community to build and sustain critical infrastructure security and resilience to manage risks. The United States Federal Emergency Management Agency (FEMA 452) offers a similar framework. The following methodology was referenced from these frameworks (refer to Figure 1).
Figure 1: Risk Management Process
Set Goals and Objectives of Infrastructure Resilience – Establish objectives and priorities for critical infrastructure that are tailored and scaled to their available resources, operational and risk environments.
Identify Critical Assets – Establish and identify the assets, systems, and networks that are essential to the continued operation, considering associated dependencies and interdependencies.
Assess and Analyse Risks – Risk assessments are conducted to facilitate the owner in decision making.
Implement Risk Management Activities – Implement measures that minimize disruption to operations and reduce time required to return to normal operations.
Loss mitigation and business continuity under disruption are key considerations in Physical Security and Bio-Security and this framework could help in the planning and design for infrastructure resilience.
Infrastructure Resilience: Physical Security
The threat of terrorism to our security remains high. As the current COVID-19 pandemic sweeps across the world causing social and economic fallout, security experts are wary of a resurgent and revamped form of terrorism found on extremism and assisted by online connectivity. The resilience of infrastructure against physical security threats can be examined using the Infrastructure Resilience Principles, and the Risk Management framework could be used to develop strategies to frustrate and disrupt an adversarial attack. The infrastructure and its critical and supporting systems could be designed for robustness to minimize disruptions in the event of a terror attack. Backup of the critical functions could be provided for redundancy. Business continuity planning, security and resilience management systems could be developed to prioritize courses of action to control and mitigate damage and ensure effectiveness in various scenarios including terror attack. The infrastructure could also be designed for optimal recovery and return to normal operations as quickly and efficiently as possible after a terror attack. These principles are frequently applied in the Risk Management methodology and further developed into an infrastructure resilience strategy. An example is the following 5 layered strategy deployed to provide a robust prevention and protection system against terror threats (NIAC,2009) (MHA, 2018):
Deter – Deterrence aims to prevent a potential disruption by turning the infrastructure or facility into an undesirable target. It can be achieved via facility design, rules and protocols that prohibit undesired activities or encourage desired practices and awareness.
Detect – Early detection of potential disruption alerts stakeholders, giving them more time to better respond to the disruption.
Delay – This layer aims to slow down the progress of disruption by using obstacles. Stakeholders can use the additional time to better respond to the disruption.
Deny – By creating separate zones within the building, exposure of critical portions of the building to disruption would be reduced.
Defend – This layer focuses on reducing the damage or impact to operations if disruptive incidents occur. It can be achieved by purposeful design of infrastructure and holistic management plans to deal with the crisis.
Figure 2: Protection Plan
Figure 2 above illustrates the Physical Security measures and technologies which can be utilized to achieve these Physical Security principles. First, deterrence via the various security and protection measures is used to discourage any attempt of an attack by emphasizing on the likelihood of failure and capture. It is a psychological battle to ensure that some intended criminal activities never start. Effectiveness of security measures can also be amplified through signages and messages.
Entry into the controlled zone would be denied to unauthorized personnel at security checkpoints. Anti-climb fences, vehicle barriers and bollards are implemented to deny and delay any attempt to enter the controlled zone.
Figure 3: Security Bollards
CCTV systems, intrusion detection systems, electronic access control systems are typical detection systems that alert security forces of any breach of security. The asset can be further defended by hardening the critical sections of the building.
A straightforward method of hardening is to increase the physical size and / or reinforcement details of structural components to improve the resistance against threats such as explosions and blast loads. Alternatively, structural components can also be strengthened by other means such as Fibre Reinforced Polymer composites or steel jacketing. Openings such as doors, windows, louvres etc can also be installed with blast rated protections.
Even with the implementation of prevention and protection measures, it is still possible that the attack was successful at damaging the asset, causing disruption to building operations.
With backup assets and resources, single points of failure can be prevented. The contingency plans enacted during peacetime would facilitate the takeover of critical functions within a short timeframe, returning operations to normal levels.
To mitigate the weaknesses of Physical Security measures and design, there is a need to have an adequate number of personnel with the right competencies to ensure effective security & resilience operations during crisis – including proper response to crimes and terrorist attacks. Depending on the nature of threats, additional external response may be required to mitigate the threats. Resources, standard operating procedures and communication channels should be in place beforehand such that the response can be initiated immediately.
Infrastructure Resilience: Bio-Security
The recent COVID-19 pandemic has been a wake-up call for the world. Some organisations have realised their lack of Infrastructure Resilience in the face of the pandemic. Significant outbreaks of disease / biological threats can threaten lives and cause disruption to infrastructure and the businesses. This is true regardless of the origin of the outbreak:
- Pandemic Influenza
- Emerging infectious diseases
- Accidental release from scientific or industrial facilities
- Deliberate biological attack
The UK Biological Security Strategy (Department for Environment, Food and Rural Affairs et al., 2018) provides four pillars in response to biological threats: Understand, Prevent, Detect and Respond. These pillars can be adapted for Infrastructure Resilience.
Understand – Understand the risks of ongoing or possible future biological threats.
Prevent – Prevent the spread of the pathogen through design of the building
Detect – Ability to identify biological threats or carriers through the use of detection systems and tests.
Respond – Reduce the impact of biological threats and enable rapid recovery to normal operations.
Regardless of whether it is ongoing or future biological threats, understanding the threats in areas such as typical transmission methods, symptoms, signs of contamination etc. is crucial for the selection of effective prevention, detection and response methods.
Prevention of the spread of biological threats can be considered during the building’s design phase. Ventilation systems of various sections of the building can be isolated to deny the travel of air borne pathogens from one part of the building to another. Positive pressure rooms prevent outside air from entering, denying entry of the pathogen.
Protective design with isolation of special-use spaces through layout and ventilation system planning can further limit the impact of contaminants in vulnerable spaces on the rest of the building, thereby reducing exposure to the bulk of the building occupants (Persily et al., 2007).
Detection of biological threats before it enters a building can be done via sensing technologies and procedures. Sensors can be deployed at entry points to detect signs of biological threats or symptoms of carriers, preventing possible spread and disruption to operations. Temperature sensors for COVID-19 are examples of sensors that can be implemented quickly during a crisis.
Figure 4: Temperature Screening at Entry Points for COVID-19
The most critical response during an ongoing biological threat incident is to have effective and proportionate strategies to decontaminate any area, to allow a return to normal as soon as possible. Implementation of contingency measures such as staggering of work, meal times, and physical distancing etc. at the workplace combined with wearing of masks can aid in delaying the spread of some pathogen.
Besides the impact to occupants, biological threats may impact the operations of the supply chain, leading to disruptions downstream. Buildings that are able to manage supply chain issues during lock down by implementing business continuity measures and securing alternative sources of supply would be able to quickly recover from the initial disruption. Appropriate stockpiling of resources and material during peace time is crucial to provide effective recovery against a wide range of potential scenarios.
Redundancy of personnel can be achieved with split team arrangements as they prevent the spread of pathogens across teams, with each team acting as the respective backup of the other. Telecommuting can be implemented to restore operations in a lockdown, allowing for the rapid recovery of normal operations for certain services and industries.
Figure 5: Telecommuting (Rawson, 2019)
The Infrastructure Resilience Principles and Risk Management framework presented here provide building owners, security designers, engineers and architects with a structured approach to planning and designing for Infrastructure Resilience. Effective strategies can be developed to minimise disruption to operations and ensure business continuity, for example, when faced with physical security and bio-security threats.
In the building of a resilient economy, the resilience of the infrastructure would be essential to assure investors and business owners that supply chain would not be disrupted and business could continue, and people operating the infrastructure and occupants of the buildings are confident that they would be effectively protected and it is safe to work, live and play.
** End **
Connect with Us
Ang Choon Keat
Balkiz, G., Qiblawi, T., & Wedeman, B. (2020, August 05). Huge explosion rocks Beirut, injuring thousands across Lebanese capital. Retrieved August 28, 2020, from https://edition.cnn.com/2020/08/04/middleeast/beirut-explosion-port-intl/index.html
Department for Environment, Food and Rural Affairs, Department of Health and Social Care & Home Office (2018). UK Biological Security Strategy. Retrieved from https://www.gov.uk/government/publications/biological-security-strategy (Accessed: 27 August 2020)
Federal Emergency Management Agency (FEMA) (2005). Risk Assessment A How-To Guide to Mitigate Potential Terrorist Attacks Against Buildings.
Linenthal, E. T. (2020). Oklahoma City Bombing: The Encyclopedia of Oklahoma History and Culture. Retrieved August 28, 2020, from https://www.okhistory.org/publications/enc/entry.php?entry=OK026
Ministry of Home Affairs (MHA). (2018). Guidelines to Enhancing Building Security in Singapore. Retrieved from https://www.scdf.gov.sg/home/fire-safety/downloads/acts-codes-regulations/enhancing-building-security
National Infrastructure Advisory Council (NIAC). (2009). Critical Infrastructure Resilience Final Report and Recommendations. Retrieved from https://www.cisa.gov/publication/niac-critical-infrastructure-resilience-final-report
National Infrastructure Protection Plan (NIPP). (2013). Partnering for Critical Infrastructure Security and Resilience. Retrieved from https://www.cisa.gov/publication/nipp-2013-partnering-critical-infrastructure-security-and-resilience
National Institute of Building Sciences (NIBS). (2018, August 1). Building Resilience. WBDG. https://www.wbdg.org/resources/building-resiliency
NHS England National EPRR Unit. (2015). NHS England EPRR Framework. Retrieved from https://www.england.nhs.uk/ourwork/eprr/gf/
Persily, Andrew & Chapman, R. & Emmerich, Steven & Dols, William & Davis, H. & Lavappa, P. & Rushing, A.. (2007). Building Retrofits for Increased Protection Against Chemical and Biological Releases.
Rawson, R. (2019, August 2). Software to Manage Telecommuting Employees. Biz 3.0. https://biz30.timedoctor.com/software-for-managing-telecommuters/
Reid, K. (2020, August 18). Lebanon: Beirut explosion facts and how to help. Retrieved August 28, 2020, from https://www.worldvision.org/disaster-relief-news-stories/lebanon-beirut-explosion-facts-how-help
The Straits Times. (2020, October 5). Parliament: Resilient economy and going green can boost Singapore’s growth after Covid-19, says DPM Heng Swee Keat.