The Weakest Link in the Chain: Glass Vulnerabilities and The Active Shooter

As a consultant focused on active shooter risk, there are a number of critical problems that appear as recurring themes during facility assessments—improper use of mag locks, egress obstructions, deficient communication systems, weak emergency response plans, and so on. But when asked to rank issues for purposes of prioritization and cost-benefit analysis, my number one concern is almost always the presence of tempered glass glazing in doors, windows, and indoor partition walls.

Tempered glass is typically employed as safety glass in architectural design. It is made by heating regular glass to a very high temperature and then cooling it rapidly. This process, known as tempering, results in a glass that is stronger and more durable than regular glass and when shattered, breaks into small, rounded pieces rather than sharp, jagged shards.

Although this tempering process produces a safer and more impact resistant glass, tempered glass provides only 4-5 times the impact resistance of annealed glass and offers minimal protection against forced intrusion. Tests documented by Sandia National Laboratories show that 0.25 inch tempered glass delays intruders using a fire axe for only 3-9 seconds, and the mean delay time for penetrating 1/8 inch tempered glass with a hammer is 0.5 minutes.[1]

However, this data is of little value when assessing vulnerability against forced entry by a gunman. The tests documented by Sandia only focused on penetration using hand tools and did not account for the fragility of tempered glass after initial penetration by a firearm projectile. In our penetration tests of 1/4-inch tempered glass windows using a 9mm handgun to penetrate glazing prior to impact by hand, the delay time was only 10 seconds.[2] What happens in this situation is once the glass is penetrated by a bullet, it critically fractures into a spiderweb of cracks and disintegrates.

This critical vulnerability was witnessed in both the 2012 Sandy Hook Elementary shooting and recent attack at The Covenant School in Nashville. As captured in CCTV footage, the tempered glass entrance doors at The Covenant School were completely shattered after impact by several rounds of gunfire resulting in 20 seconds of total penetration time for both the exterior doors and inner vestibule.

Security Glazing and Reinforcement Options

In situations where tempered glass presents a vulnerability concern, we recommend replacement or upgrade with an intrusion-resistant alternative such as laminated glass, polycarbonate, or reinforcing the existing windows with properly-anchored security window (anti-shatter) film.

Laminated Glass

In new construction, laminated glass is the preferred material when budget permits. Laminated glass is a composite material made by sandwiching a layer of polyvinyl butyral (PVB) or other interlayer material between two or more layers of glass. The layers of glass are bonded together under heat and pressure to create a single, laminated pane.

Sandia’s test data shows that 1/4-inch laminated glass delays forced entry by a fire axe for 18-54 seconds, and the mean delay time for penetrating 9/16-inch laminated security glass with hand tools is approximately 1.5 minutes.[1] [2] Although I do not have test data regarding the penetration of laminated glass by a gunman, the construction properties of laminated glass suggest the delay times are considerably higher as the framing would likely fail before the glass-composite material breaks into an aperture.

Most glazing products rated under forced entry standards, such as UL 972 and EN 356, are made of laminated glass.

Polycarbonate

Polycarbonate is another option. At thinner dimensions, polycarbonate provides decent impact resistance but comparable performance to tempered glass against fire axe attacks. Polycarbonate truly distinguishes its benefit at thicknesses of 1/2-inch or greater. According to tests documented by the Nuclear Security Systems Directorate, 1/2-inch polycarbonate can delay hand tool penetration for up to two minutes.[3] Sandia also cites 2-6 minutes of delay for penetration of polycarbonate by a fire axe and sledgehammer.[4]

Polycarbonate is relatively inexpensive and can be purchased as sheets, cut to size, and edged with sandpaper for retrofitting door vision panels and similar applications. UV-coated polycarbonate can also be useful for constructing intrusion-resistant panels for protecting the inside of windows that cannot be replaced or upgraded with the use of other materials, such stained glass windows in churches or original wood-framed windows in historical buildings.

The main drawbacks of polycarbonate are it’s susceptibility to scratch damage and degradation from UV exposure.

Security Window Film

If budget does not allow for replacing existing tempered glass glazing, security window film (“anti-shatter film”) properly attached and anchored to tempered or annealed glass may be a cost-effective alternative. In 2015, our firm conducted penetration tests of 1/4-inch tempered glass windows with mechanically-attached 14 mil window film using a firearm followed by impact with kicking and rifle buttstock. The resulting delay times ranged from 62 to 94 seconds.

In the following video, Larry (one of my penetration testers) demonstrates the difference in penetration times between unprotected tempered glass and a film-reinforced window. I personally witnessed and timed these tests.

Play Video

If security window film is chosen as an upgrade for existing tempered glass windows, I strongly encourage using a multi-ply film no less than 14 mils in thickness and from a reputable manufacturer. When asked for a brand recommendation, I prefer Solar Gard due to my familiarity with their quality controls and experience testing their products as an independent third-party.

As an important point, specifications should require mechanical or wet glaze attachment to ensure that the film is securely anchored at the frame. The following images illustrate what is meant by mechanical and wet glaze frame attachment.

If security window film is not securely attached to the window frame using a film anchoring device (second mechanical frame) or wet glaze sealant, the film membrane will adhere to the shattered glass as one unit while the window breaks at the edges of the frame. This type of failure compromises any delay benefit from window film. The results of this type of improper installation can be witnessed by viewing videos of the Capitol Hill riot where film-protected windows provided less than 10 seconds of delay after tearing at the edge when kicked by rioters.

I also recommend careful due diligence when selecting a vendor for installation of security window film. I have seen numerous examples over the past fifteen years where organizations spent major sums amounts of money on film upgrades with limited benefit and/or service life due to improper and shoddy installation.

Following are some useful tips for questioning vendors and spotting poor quality installation from one of the top experts on the subject, Scott McCutcheon of Emerald Coast Glass Protection.

- Bubbles and Wrinkles – One of the most obvious signs of a bad security window film installation is the presence of bubbles and wrinkles in the film. This can be a sign of poor adhesion or improper installation, which can compromise the effectiveness of the film. If you notice bubbles or wrinkles in your security window film, it’s important to address them as soon as possible to prevent further issues.
- Gaps and Overlapping Edges – Another sign of poor security film installation is the presence of gaps or overlapping edges in the film. This can indicate that the film was not properly cut or sized for the window, which can compromise the effectiveness of the film’s security features. It’s important to ensure that the film is properly sized and cut before installation to prevent these issues.
- Inadequate Adhesion – A security window film that is not properly adhered to the window can also be a sign of a bad installation. Inadequate adhesion can cause the film to peel or lift, which can compromise its effectiveness and potentially create a safety hazard. It’s important to ensure that the film is properly adhered to the window to prevent these issues.
- Poor Quality Film – Not all security window films are created equal, and a poor quality film can also be a sign of a bad installation. Low-quality films may not offer the same level of security as higher quality films, and they may be more prone to bubbling, peeling, and other issues. It’s important to choose a high-quality film from a reputable manufacturer to ensure that you are getting the best possible protection for your property.
- Lack of Professional Installation – A bad security window film installation may simply be the result of an inexperienced or unqualified installer. It’s important to choose a professional installer who has experience with security window film installations to ensure that the job is done right. A professional installer will have the tools and knowledge needed to properly size, cut, and install the film, which can ensure that it is effective and long-lasting.
- Exterior Installation – Beware of any vendor proposing the idea of installing film on the exterior of the window! Environmental exposure will quickly degrade the film and reduce its service life. Many inexperienced installers also propose double-sided installation of thinner films due to the difficulty of working with 14 and 16 mil films.

Bullet-Resistant Glass

Bear in mind, none of the aforementioned glazing materials are bullet-resistant with the exception of specially-engineered laminated glass or polycarbonate products that have been tested and certified under appropriate standards. I emphasize this point due to confusion I’ve witnessed in working with clients who have been deceived by misleading marketing efforts or misunderstandings resulting from inaccurate language often used by the public (“ballistic window film,” etc.).

Nevertheless, protection against forced entry by a gunman is usually our top priority when specifying barriers in security designs. Considering a variety of cost-benefit factors, we usually reserve specification of bullet-resistant products for situations where people are positioned in highly vulnerable locations or protecting critical response assets, such as security control rooms and armed officers posted in lobbies. In these types of situations, the vulnerability and importance of the assets often justifies the expense and installation challenges (e.g., weight load, framing requirements, etc.) of installing bullet-resistant products.

If a decision is made to employ bullet resistant glazing and the threat is defined as a gunman with a 5.56mm rifle (AR-15), we recommend only using glazing products that have been properly tested and certified under American standards UL 752 (Level 7) and ASTM F1233 (R1), or European standards EN 1063 (BR5) and EN 1522 (FB5).

References

[1] Barrier Technology Handbook, SAND77-0777. Sandia Laboratories, 1978.

[2] Critical Intervention Services assisted window film manufacturer Solar Gard in 2015 in conducting a series of timed penetration tests of unprotected tempered glass windows and glazing reinforced with anti-shatter film.

[3] Barrier Technology Handbook, SAND77-0777. Sandia Laboratories, 1978.

[4] Garcia, Mary Lynn. Design and Evaluation of Physical Protection Systems. Burlington, MA: Elsevier Butterworth-Heinemann, 2007.

[5] Ibid.

[6] Barrier Technology Handbook, SAND77-0777. Sandia Laboratories, 1978.

Craig Gundry

Craig Gundry is the Vice President of Special Projects for Critical Intervention Services and an instructor on advanced security topics for the S2 Institute. As a consultant, Mr. Gundry specializes in managing risks of mass homicide (e.g., terrorism, active shooter violence, etc.) and has assisted clients around the world in improving their security and emergency readiness programs.

October 6, 2022October 6, 2022

Barrier Delay Measures and The Double Edged Sword

While assisting a reporter after the Uvalde shooting, a question was posed that maybe warrants some discussion. During the interview, I described some examples of common physical security problems I encounter in schools including choice of classroom door locks among other issues.

Those who have read my previous articles or attended my courses have heard me preach against the use of “classroom-function” locks (ANSI F05 and F84) in favor of “office-function” locks (ANSI F04 or F82). The concern about “classroom-function” door sets is that they require a teacher to lock the door using a key from the outer side of the door. This may not sound like a big deal to a casual observer, but this situation is a recipe for disaster when a teacher needs to locate a set of keys, open a door to the hallway without knowledge of the gunman’s location, and manipulate keys under the debilitating effects of the Sympathetic Nervous System. And if a teacher is absent at the time an attack occurs, students in the classroom have no way of securing the door.

The concerns I’m describing are not hypothetical. We’ve had a number of shooting events where doors equipped with classroom-function locks remained unlocked due to these reasons. A few examples of incidents where this situation clearly contributed to unnecessary casualties include the 2012 Sandy Hook Elementary shooting and 2007 Virginia Tech attack.[i] [ii] In those two events alone, 26 students and faculty were killed and 24 wounded specifically because of difficulty locking these doors.

By specifying “office-function” locks which feature a button or thumb turn, we can eliminate all these concerns.

Now here’s the question posed by the reporter…She asked if the ease of locking doors with “office-function” locks could be exploited by an attacker to barricade themselves inside a classroom to delay entry by police (as originally suspected in aftermath of the Robb Elementary School shooting).

And the answer is absolutely yes.

Although this situation is not common, we have had a number of events in the past where gunmen locked and barricaded themselves with victims to delay intervention by authorities. As a few examples:

- In 2019, a student perpetrator removed the magnetic strip covering a strike plate to lock a classroom door when he and another shooter opened fire on fellow students at the STEM Highlands Ranch School.

- In 2007, SHC used chains and a padlock to secure the exterior doors of Virginia Tech’s Norris Hall. A similar situation also occurred involving a chain and padlock at the Irvine Taiwanese Presbyterian Church in 2022

- In 2006, CCR boarded up the doors and windows during the West Nickel Mines school massacre.

In each case, the objective of the perpetrator was to delay intervention by authorities.

Another related concern is the issue of access-controlled door locks and potential interference with entry when police arrive on scene. This matter contributed to access complications during the 2015 attack at the Inland Regional Center in San Bernardino. And during the 2013 Washington Navy Yard shooting, police required use of an access badge recovered from a deceased security officer to enter secured areas of the building.[iii]

Now returning to the news interview, the implied question was if it would be better to have classroom function locks and weak barriers that can be easily breached by responding police.

And the answer is absolutely not.

Although a gunman can easily lock an office-function lock without a key and access-controlled locks can complicate police entry, the importance of reliable door locking and building security greatly supersedes this concern. Bottom line, we need to effectively delay the bad guy while also expediting armed response. Those are both universal priorities in security design against active shooter violence.

To address concern about law enforcement access into secured buildings, there are approaches for dealing with that problem without compromising effective security.

First, all door locks to rooms where people may take refuge should ideally be keyed on a building or campus-level master key. Although distribution of master keys to employees should be carefully restricted, several master keys should be kept on rings and secured in a location reliably accessible to arriving police. This location can include a Knox Box or go-bag stored in a safe location outside the building (such as a security gate house). Likewise, if the facility employs an access control system with badge readers, an access badge with full privileges should be attached to each master key ring.

As for concern about chained doors and police access through intrusion-resistant barriers (e.g., windows, etc.), many police departments now equip patrol units with bolt cutters, Halligan tools, and simple breaching aids specifically for this purpose.

However you decide to approach this matter, please do not ever compromise barrier performance for fear about impaired police response. As an old saying goes, that’s a “cure far worse than the disease.”

References

[i] Report of the State’s Attorney for the Judicial District of Danbury on the Shootings at Sandy Hook Elementary School and 36 Yogananda Street, Newtown, Connecticut on December 14, 2012. Office Of The State’s Attorney Judicial District Of Danbury, Stephen J. Sedensky III, State’s Attorney, N.p., 25 November 2013. pp.18

[ii] Mass Shootings at Virginia Tech. April 16, 2007. Report of the Review Panel. Virginia Tech Review Panel. August 2007. pp.13.

[iii] After Action Report Washington Navy Yard, September 16, 2013. Internal Review of the Metropolitan Police Department, Washington, D.C. July 2014. pp. 17.

Craig Gundry

August 25, 2022August 25, 2022

Safe Rooms, Classroom Security, & The Active Shooter

One of the most common problems we encounter in our work as security consultants is the absence of safe rooms and secure classrooms capable of providing sufficient delay during active shooter and terrorist attack events. In this article, we’ll explore ideal design criteria for safe rooms and important classroom security issues for addressing a wide spectrum of active shooter threats.

As discussed elsewhere in this series, most organizations concerned about active shooter violence have adopted the DHS ‘Run-Hide-Fight’ doctrine or related variations (i.e., “Run-Hide-Report”) as the basis for designing facility emergency action plans and training employees. This simplified guidance is presented as a prioritized list of preferred protective responses when an active shooter attack is recognized. “Run,” for instance, should always be the first option when the opportunity is present. If “Run” is not possible, then “Hide” is the next prioritized option.

Although “Run” (escape) is universally the preferred response, there are situations where “Hide” may be a necessary action due to the impracticality of rapidly evacuating people unable to take independent action for their personal safety (such as kindergarten students or nursing home residents). Additionally, there are often situations where trying to escape may be more dangerous than simply remaining in place. One good example is an attack launched at ground level in a multi-story building. In these situations, people rarely have accurate and real-time knowledge of the gunman’s location and safe routes of escape. Trying to evacuate from upper floors and through lower levels of a building is often far more dangerous than barricading in a nearby safe location.

In recent years, DHS has improved its presentation of active shooter education with more detailed guidance about circumstances that warrant different responses. Although single syllable words (“Run-Hide-Fight”) are easy for the public to remember, limited understanding can easily result in unsafe actions. “Hide,” for instance, is vague and implies no other essential protection than concealment. In our employee training programs, we use the term “Barricade,” which describes the recommended action more clearly. Simply put, hiding should never be regarded as a safe action unless the location provides adequate protection against forced entry.

To facilitate safe “Barricade” during armed attacks, facilities should ensure adequate availability of safe rooms and classrooms for people to take refuge if escape is not feasible.

In the security and emergency management communities, the term “safe room” often has varying definitions depending on purpose. In the executive protection industry, this term often implies a room engineered to provide significant delay against intrusion by a committed adversary employing advanced entry methods, ballistic protection, special life safety systems, multiple modes of communications, supplies to sustain extended refuge, etc. For organizations such as FEMA, the term broadly applies to any room or indoor shelter area designed to protect occupants from a hazard such as tornados, outdoor hazardous materials incidents, and other threats.

For the purpose of this article, a safe room (or secure classroom) is any room designated or constructed for the purposes of providing reasonable delay against forced entry considering the methods and tools likely to be employed by an active shooter.

So how much delay is necessary for a safe room to be considered “safe?”

The U.S. Department of Defense’s Unified Facilities Criteria UFC 4-023-10 answers this simply: “For the Forced Entry tactic, specify the required protection time based on the response time of the security forces determined in security forces evaluation in addition to the DBT [Design Basis Threat] and the LOP [Level of Protection].”

Simply stated, a safe room should delay an adversary from forced entry into the room long enough to allow the response force to intervene and neutralize the adversary. The necessary delay time being determined by the response force time and the methods and tools likely to be used by the attacker in penetrating the room.

From a textbook perspective, this is the correct answer and the ideal objective of performance-based physical security design. Although there are situations where this type of textbook approach is justified, in many workplace situations, designing safe rooms according to ideal performance-based goals is impractical and unnecessary when considering the historical behavior of attackers during active shooter events.

In a previous article, we explored the topic of adversary effort and commitment to attack people located inside locked rooms. In most attacks, adversaries focus on targets of easiest opportunity while moving through the building using visually-obvious routes and unlocked/unobstructed portals (e.g., doors, windows, etc.). In most previous attacks where adversaries committed effort to forcibly enter secured rooms, intervention by police or security forces was delayed and attackers had exhausted all available targets. The majority of these situations occurred in locations where terrorists employed assault teams or security forces were unprepared for immediate tactical response (e.g., Libya, Afghanistan, India, Kenya, etc.). And in these types of environments, DoD’s performance-based approach is often justified.

In Western countries where the majority of attacks are committed by a single active shooter and police intervention is typically under 20 minutes, a delay time of 45 seconds or more is often effective at frustrating forced entry and achievable without significant expense.

In these situations, I recommend designating or upgrading an abundant number of rooms throughout the facility to function as safe refuge rooms. This is especially critical in facilities where it is expected that vulnerable populations will refuge during an attack such as schools, nursing homes, and hotels. In these cases, all classrooms, guest rooms, and any other rooms where people are expectedly located should be capable of delaying forced entry by 45 seconds or more. In office-type situations, we recommend that there are at least several rooms on each floor and wing of the building that meet this basic criterion. This can include conference rooms, restrooms, break rooms, storage rooms, and offices which are reliably accessible to employees.

Basic Safe Room and Classroom Security Criteria for Active Shooter Protection

As a minimum, all rooms designated for safe refuge should feature intrusion-resistant doors and mechanical locks with a button or thumb turn.

As a general rule, outward-swinging doors provide the best protection against exterior ramming force due to resistance of the rebate within the frame. Additionally, adversaries attempting to pull open locked outward-swinging doors without the aid of tools are at a mechanical disadvantage. If rooms earmarked as potential safe rooms feature existing inward-swinging doors, door hardware (e.g., locks, strikes, and frames) should be carefully specified to ensure adequate resistance against ramming force.

Most doors certified under forced entry standards are constructed of steel. However, indoor rooms potentially earmarked for use as safe rooms in offices and schools are often equipped with solid core wood or solid wooden doors. Solid core doors are constructed with a composite wood core and overlaid with hardwood veneer for aesthetic appearance. The times required to penetrate solid core and solid wooden doors using methods likely to be used during active shooter attacks has never been published. Nevertheless, for protection against a gunman employing impact force without additional tools, solid door leafs (regardless of construction) are unlikely to be the point of failure when compared to the potential vulnerability of locks, strikes, wooden frames, and vision panels.

For protection against entry by buttstock impact and kicking, all lever and knob sets on safe room doors should ideally be rated ANSI/BHMA A156 Grade 1 or have a minimum Security Grade of 4 under Europe’s EN 12209. Mechanical locks rated ANSI/BHMA Grade 1 and EN 12209 Security Grade 4+ have been successfully evaluated under a variety of static force and torque tests.

All mechanical locks on safe room doors should be classified as “office-function” locks (ANSI mortise F04 or bored F82) featuring buttons or thumb turns for ease of locking under stress. In several previous active shooter attacks, critical doors on rooms where people were seeking refuge remained unlocked during the event due to the absence of a key. And as discussed in previous articles, good preparation for active shooter events should anticipate the effects of the Sympathetic Nervous System (SNS) on employee response. During high stress events, the SNS is often activated with impairing effects on cognitive function and fine motor coordination. These negative effects of the SNS can interfere with even simple tasks such as locating and manipulating keys.

Ironically, considering the history of active shooter attacks in American schools, locks classified by ANSI as “classroom function” (mortise F05 and bored F84) are perhaps the worst choice for safe room applications and should be avoided when possible. Classroom function locks are only lockable by a key from the outer side of the door. Not only do these locks require a key, but they also require the occupant to open the door and reach into the hallway to secure the lock.

Door vision panels and indoor windows on safe rooms should ideally be 96 in² (619 cm²) or smaller in accordance with U.S. DoD guidelines. We also recommend that any unprotected glass windows or vision panels within arm’s reach (approx. 36″ or 91.5 cm) of door handles and locks have a width of no more than 1.5″ (3.8 cm). If window dimensions do not conform to the aforementioned guidelines, glass should be replaced with intrusion-resistant materials such as laminated glass, polycarbonate, or upgraded with properly-attached anti-shatter film.

All windows and door vision panels should also feature blinds, shades, or curtains to conceal occupants while refuging in place.

In low-risk situations where the primary design objective is to simply frustrate adversary access, partition walls and drop ceilings are low priority concerns compared to doors and glazing. As described earlier in this article, armed attackers most often use visually-obvious portals (e.g., doors and windows) as their main pathways for movement. Although entry through drop ceilings is certainly possible, our research has not revealed any active shooter attacks to date where drop ceilings or vulnerable gypsum-board walls were exploited as a means of accessing people located in locked rooms.

Following is a summary of our criteria for a basic-level safe room/classroom applicable in most workplace and school situations.

In locations where the majority of attacks are committed by a single attacker and armed security or police response is typically under 20 minutes, a delay time of 45 seconds or more is often effective at frustrating forced entry. Rarely in these situations do we find adversaries committing time and effort to enter locked rooms unless encouraged by the presence of obvious vulnerabilities.

In many facilities, establishing a versatile availability of rooms that meet this 45 second delay objective is easily achievable. In many facilities I work with as a consultant, there are often vulnerabilities that need to be addressed resulting from original design (such as tempered glass windows or poor locks), but rarely does the situation require major expense.

However, situations occasionally arise which require a creative solution or more robust protective measures. Let’s explore some approaches to these challenges…

Facilities and Schools With Minimal Safe Room/Classroom Options for Active Shooter Protection

One challenge that arises frequently is facilities designed with large open workspaces with few existing rooms sufficient for designation or upgrade as safe rooms. Some common examples include call centers, warehouses, industrial plants, entertainment facilities, and event centers. I also encounter this situation frequently with recently constructed office buildings in Europe (and a few in the US) where planners and architects have designed buildings with open floorplans to engender team collaboration or non-hierarchical workplace culture.

We also find a related problem in buildings where architects have made extensive use of tempered glass glazing in indoor wall construction. In these situations, there are often plenty of rooms present, but the cost of upgrading or replacing glazing throughout the building would be astronomical.

In any of these cases, begin by first upgrading whatever rooms are available even if it’s only a few. I encountered this situation when working with a landmark building a few years ago—120,000m²of floor space with interior walls exclusively constructed of glass. The only rooms which had solid walls on most floors were restrooms and break rooms. So we started by making sure those rooms met essential criteria for use as safe refuge rooms while additional improvements were budgeted in a phased manner.

Another step may be constructing a limited number of rooms for use as safe refuge rooms while serving another role in day-to-day operations. One example was a government office building with open office workspaces on each floor. In this case, the solution was to construct a new conference room in a central area on each floor according to our safe refuge room specifications.

In situations where we need to rely on a limited number of safe rooms, it is crucial that the rooms we designate or upgrade are accessible to most employees when an attack occurs. For instance, a storeroom or manager’s office that is only accessible with a key possessed by a limited number of employees should not be considered as reliably available for this purpose.

If the facility has an access control system, one method of approaching this problem is to install badge readers and electromagnetic locks on these doors in addition to an “office-function” lock or single-cylinder deadbolt. During normal operations, the door remains secured using the mag lock and the mechanical lock remains unlocked. The system is then programmed so authorized employees can access the room using their access badge. However, when an armed attack event occurs, a lockdown macro programmed in the access control system is programmed to unlock this door now making it accessible to all employees. Employees refuging inside the room can then use the mechanical lock to secure the door.

As an example of this application, I had a situation with a large private school where there were very few options for safe refuge rooms in a shared arts center and athletic building. But there was a theater classroom (“black box theater”) with sufficient occupancy space for a large number of students. However, the theater room was normally secured using a mechanical lock operated by a key only possessed by theater teachers and facilities staff. To remedy this situation, the mechanical lock was kept unlocked and a mag lock was installed on the door operated by faculty badges. The access control system was subsequently programmed to unlock this door through a lockdown macro during attack events, thus making this room available to all students who can then secure the door manually using the mechanical lock.

If concerns about occupancy volume or ease of accessibility still remain after upgrading existing rooms and/or building new ones, egress design and ease of escape become top priorities (as explored in earlier articles of this series).

Advanced Safe Rooms for Active Shooter Applications

As discussed in an earlier article in this series, most active shooter attacks in Western nations are resolved by police (or suicide) in less than 20 minutes. Rare events (such as the 2016 Pulse Nightclub and 2015 Bataclan Theater attacks) had event durations as long as two hours. In these situations, a basic level safe room with a delay time of 45 seconds or more is often effective at frustrating forced entry by a gunman and achievable without great expense. However, in regions such as Africa and Southwest Asia, attacks frequently result in hostage-barricade situations due to the reluctance of police/security forces or remote location of attacked facilities (e.g., 2013 In Amenas Gas Refinery). In these types of situations, it should be expected that adversaries will have greater time, tools, and commitment to forcibly enter safe havens and secured refuge rooms.

To reliably achieve the types of delay times warranted during siege events and high-risk situations, safe rooms should be designed to provide six-sided protection (ceiling, floor, and walls) using barrier materials with similar delay time values. Wall barriers should also extend from floor-to-solid ceiling including any drop ceiling space.

Intrusion-resistant walls can be constructed using materials such as reinforced concrete, filled masonry block, expanded metal mesh, and polycarbonate-composite wall panels.

Reinforced concrete walls provide the best delay time performance against adversaries using limited toolsets. According to tests documented by Sandia, 4-inches of reinforced concrete with No. 5 rebar on 6-inch centers will provide approximately 4.7 minutes of delay against penetration with hand tools (including saw). If our threat definition is an adversary relying solely on firearm penetration and blunt object impact, reinforced concrete of any dimensions will provide almost indefinite delay.

Contrary to what many assume, unfilled concrete masonry unit (CMU) block walls provide minimal delay against forced entry and only slightly better performance than drywall against some methods of penetration. According to data published in the Barrier Technology Handbook, the mean delay time for penetrating an unfilled CMU block wall is only 36 seconds by the use of a sledgehammer. Unfilled CMU block walls are also susceptible to damage by rifle projectiles and may crumble when struck repeatedly by gunfire. For better performance in delaying forced entry, CMU block walls should be fully grouted and reinforced with rebar. According to tests documented by Sandia, filled 8-inch CMU walls with No. 5 rebar on 14-inch centers provide approximately 1.4 minutes of delay against penetration with hand tools.

Supplementing exterior drywall layers with a securely attached inner layer of expanded metal mesh is a common method of retrofitting existing walls for improved resistance against forced entry. Expanded steel constructed of 9-gauge 3/4-inch diamond mesh is a common material specification for this purpose. In this type of wall design, the expanded metal mesh is installed on the inside of the protected room and secured to wall studs by using deep screws and fasteners specially designed for this purpose. The expanded metal barrier layer is then overlaid with gypsum board or plywood. According to Sandia, a wall constructed of two layers of 3/4-inch plywood, two layers of gypsum board, and an expanded metal mesh interlayer can provide as much as 6.5 minutes of delay against penetration with hand tools.

Despite the popularity of 9-gauge material as a safe room design specification, money can often be saved by using a lighter mesh without compromising performance. If the threat definition is an adversary equipped solely with a firearm, static and dynamic impact force will be the main mechanisms of penetration, and overall strength of the fastening system will be more important than thickness of the metal fabric.

If ballistic protection is desired, walls constructed of 4-inches reinforced concrete, 8-inch filled CMU block (grouted full), and 8-inches of brick have been successfully tested by U.S. DoD to resist penetration by 7.62x51mm ammunition. Another option is constructing walls using fiberglass wall panels rated under bullet resistance standards such as UL 752, ASTM F1233-08, and EN 1063. Minimum specifications for protection against military small arms (5.56mm) would be UL 752 Level 7, F1233 R1, or EN 1063 BR5. More conservative specifications encompassing 7.62x51mm would be UL 752 Level 8, F1233 R3, and EN 1063 BR6.

If the risk level and design approach warrants door systems rated for tested delay times, doors certified under SD-STD-01.01, ASTM F3038-14, CPNI MFES, LPS 1175 have been tested against a variety of forced entry methods and often exceed requirements for protection during armed attacks. If the threat definition identifies an adversary solely employing firearms and expedient tools, any door certified under SD-STD-01.01, ASTM F3038-14, CPNI MFES, or LPS 1175 will likely far exceed performance as suggested by its certified delay time rating.

If our design objective requires ballistic protection, doors rated UL 752 level 7+ or EN 1522 FB5+ should be specified. Additionally, all doors rated under SD-STD-01.01 have been tested against penetration by 5.56mm, 7.62x51mm, and 12-gauge shotgun.

As discussed in the first part of this article, all lever and knob sets on safe room doors should ideally be rated ANSI/BHMA A156 Grade 1 or have a minimum Security Grade of 4 under EN 12209. If the design objective is to delay penetration by a committed adversary or the threat definition includes a diverse range of entry tools, locksets should also be augmented by the installation of an independent deadbolt lock. In situations where greater delay times are required or adversaries are expected to employ improved toolsets for entry, multi-point deadbolt systems provide the best protection.

Although forced entry by ballistic attack against locks and hinges has been rare during active shooter events, a number of incidents have occurred where adversaries forcibly entered/or attempted to penetrate rooms by destroying door locks with gunfire. Specifying doors certified under SD-STD-01.01, UL 752 level 7+, or EN 1522 FB5+ will address this concern. Another approach is installing a surface-mounted deadbolt lock on the inside of a solid wooden or steel door. Although most solid wooden and steel pedestrian doors are vulnerable to penetration by small arms, the door material will provide some reduction in bullet velocity and conceal the location of the lock to reduce hit probability.

As a general rule, window and door glazing should be avoided in high risk situations or applications where designers seek ambitious delay goals. Although there are glazing products capable of high delay times, such systems are quite expensive by comparison to the price of wall construction and doors. If windows are unavoidable, I recommend designing all windows in accordance with U.S. DoD recommendations—96 in2 (619 cm2) or smaller and no wider than 1.5″ (3.8 cm). For bullet resistance, specifications for protection of glazing against military small arms include EN 1063 BR5-BR7, UL 752 Level 7-9, and ASTM F1233-08 R1-R4AP.

Following is an example of how these criteria may be applied in designing a safe room with a delay time objective of 30 minutes or more.

Safe Room Kits

In environments where armed attacks have frequently resulted in siege events with durations longer than 24 hours, consider providing a kit in all safe rooms with instructions for sheltering and essential supplies.

As a starting point, kits should include basic supplies for sustaining occupants throughout the expected duration of an event including a food ration of 1,500 kcal per person, per expected day of sheltering. Although the Total Daily Energy Expenditure (TDEE) of most adults is 2,000 calories or more, a short term diet of 1,500 kcal per day is sufficient to satisfy hunger without compromising an occupant’s decision-making capabilities or energy for escape if necessary. If the safe room does not have toilet and sink, consider including hand sanitizer, water, extra-large zip lock bags, and toilet paper to facilitate hygiene needs.

Numerous victims have died from gunshot wounds due to delayed medical treatment while sheltering during siege situations. To help address this concern, consider equipping each safe room kit with one or two hemostatic dressings. Hemostatic dressings are large bandages impregnated with a clotting agent designed to delay hemorrhage from trauma wounds under the expectation of delayed hospital treatment.

If safe rooms have exterior (outdoor) windows, infrared chemical lights are another supply to consider. During siege events, one of the first priorities of police and security forces is trying to determine where people are hiding inside the building. To assist this process, occupants sheltering inside safe rooms can be instructed using emergency communications systems when to break the IR chemical light and hold it against the window. Security forces outside the building equipped with night vision equipment will be able to see the IR chemical lights. Others without night vision equipment (e.g., terrorist handlers, bystanders, news media, etc.) will be unable to view which rooms are occupied. To implement this measure correctly, instructions should be provided in the kit for use of the chemical light and how the order to break the chem light will be communicated to occupants.

References

UFC 4-023-10, Safe Havens. US Department of Defense, N.p.: 2010. pp. 11.

ANSI/BHMA A156.13, Mortise Locks and Latches. Builders Hardware Manufacturers Association (BHMA), New York, NY, 2011.

EN 12209, Building hardware – locks and latches – mechanically operated locks, latches and locking plates. European Committee for Standardization, Brussels, 2016.

UFC 4-023-10, Safe Havens. US Department of Defense, N.p., 2010.

SD-STD-01.01, Revision G. Certification Standard. Forced Entry and Ballistic Resistance of Structural Systems. U.S. Department of State, Bureau of Diplomatic Security, Washington, DC, 1993.

ASTM F3038-14, Standard Test Method for Timed Evaluation of Forced-Entry-Resistant Systems, ASTM International, West Conshohocken, PA, 2014

Barrier Technology Handbook, SAND77-0777. Sandia Laboratories, 1978. pp. 4.2-6

Ibid. pp. 4.5-2

The vulnerability of unfilled concrete block walls to penetration and potential failure by gunfire is well demonstrated by numerous “backyard test” videos posted on YouTube. Most videos posted on YouTube display the vulnerability of stacked block walls without mortar. Finished walls will likely be more resistant to critical failure. Example: https://www.youtube.com/watch?v=Hxn8TS9cb3o

Barrier Technology Handbook, SAND77-0777. Sandia Laboratories, 1978. pp. 4.5-2

Ibid. pp. 4.9-1,2

UFC 4-023-07, Design To Resist Direct Fire Weapons Effects. US Department of Defense, N.p.: 2008.

UL 752, Standard for Bullet-Resisting Equipment. UL, N.p.: 2005.

ASTM F1233-08, Standard Test Method for Security Glazing Materials And Systems. ASTM International, West Conshohocken, PA, 2013

EN 1063:2000, Glass in building – Security glazing – Testing and classification of resistance against bullet attack. European Committee for Standardization, Brussels, 2000.

UFC 4-023-10, Safe Havens. US Department of Defense, N.p., 2010. pp. 42

Craig Gundry

February 8, 2021May 22, 2021

The Capitol Hill Riot: A Case Study in Securing Buildings Against Violent Intrusion

US Capitol Hill Riot - Case Study of Security Failures

The Capitol Hill Riot: A Case Study in Securing Buildings Against Violent Intrusion

Like many people, I watched the riot at the US Capitol on 6 January unfold live through reporting on TV. And as most, I was horrified to witness the surreal desecration of America’s most sacred symbol of democracy unfolding moment-by-moment. And as a security professional, that horror was amplified even further as I witnessed a cascading series of security failures with full awareness that angry mobs easily turn deadly when group passion supersedes rational judgement.

The next day, as America recovered from its emotional hangover, the leadership of the US Capitol Police was quickly called to reckon. There are obviously many, many questions which need to be answered.

The aim of this article is not to cast judgement about specific matters of security at the Capitol or attribute blame to specific parties. Any statements I could make beyond general critique at this point would be like “playing armchair quarterback without watching the entire game.” No doubt, there will be a comprehensive investigation of the incident and contributing factors which will result in an authoritative report. Rather, our aim in this article is to explore how security measures can be designed to avert similar disaster for the benefit of colleagues protecting other high-risk buildings around the world.

The remainder of this article is posted on the web site of our sister company, the S2 Safety & Intelligence Institute. Click here to read this article in its entirety.

Craig Gundry

March 30, 2020May 26, 2021

Egress Design and The Active Shooter Threat (Pt. 10)

Egress planning is often regarded as a life safety matter with influence on security, but otherwise a discipline independent from physical protection. However, when preparing facilities for active shooter violence, egress design should be approached as an integral component of our protective strategy.

As discussed in earlier articles in this series, security measures and facility preparations should be carefully designed to augment and anticipate the actions of building occupants. For people located at ground level during an attack or in building locations without safe refuge options, escape (what DHS calls ‘Run’) is the preferred response. To effectively facilitate this response, escape routes should be readily available that permit fast and unobstructed egress to safe outdoor locations away from the facility.

Although all buildings are required to comply with life safety codes related to emergency egress, International Building Code (IBC), NFPA 101, International Fire Code (IFC), and municipal codes often fall short in considering the unique dynamics of evacuation during armed events. Historically, these codes were designed with fire as the focus and don’t fully account for issues such as severe impairment of evacuees due to sympathetic nervous system (SNS) activation, the unpredictable actions of mobile attackers, and lack of situational awareness that may render multiple exit routes unsafe or at least perceived by evacuees as potentially-dangerous.

Many facilities rely on the advice of fire marshals and the results of inspection reports as a measure of readiness. Candidly speaking, this is a major concern. Aside from the inadequacy of current regulations, I often find violations of existing code during my work as a consultant that have somehow survived years of inspection.

So let’s take a walk beyond IBC and NFPA and explore considerations for designing an egress plan optimized to support response actions during active shooter events.

Egress Routes

To ensure building occupants have options for escape regardless of an attacker’s location, alternate egress routes should exist from all normally-occupied areas providing versatile access to safe exits. In most situations, providing two or more alternate egress paths from each occupied area (routed in different directions) is sufficient.

In newly-constructed buildings, identifying alternate egress paths isn’t usually difficult. In facilities constructed before modern building code, options are often limited.

During the 2008 assault on the Leopold Café in Mumbai, approximately 30 people were eating dinner in a narrow corridor of booths located on the second level when the attack commenced.[1] There was only a single stairwell and no room on the second floor capable of safe refuge. Fortunately for those on the second floor, the terrorists were satisfied after killing ten people and wounding numerous others and never noticed the unlocked door discreetly leading upstairs.

The Bataclan Theater in Paris, attacked by Islamic State terrorists in 2015, was another example of a building with limited escape options. At the time of the attack, there were three exits accessible to the public. One was the main entrance on Boulevard Voltaire and two emergency exits which discharged into an alley on the south-side of the building.[2] With the main entrance blocked by the terrorists’ presence, people located on the dance floor and north-side of the building had no way to escape without passing the attackers’ aim.

Installing new exits is the obvious solution to this problem. However, in situations where there are no options due to adjacent buildings (such as the Bataclan Theater) or similar circumstances, consider upgrading or constructing rooms for safe refuge purposes. As an additional measure, explore options for providing unconventional routes of escape as described later in this article.

The capacity of exits is another matter to consider. In situations where it is predictable that attackers will approach from a specific direction, expect a panicked reaction as everyone seeks to escape away from the gunman’s location. When faced with an imminent threat, people instinctively flee the direction of harm. Now if there are few people in the area, this type of reaction usually poses no special problems. But locations where this concern arises are often highly-populated and confined areas with limited exit options.

As discussed in Part 6 of this series, many armed attacks by outsider adversaries originate through public entrance doors and shooting commences immediately. This behavior has been very consistent in attacks against public buildings such as nightclubs, churches, and museums. In this situation, the natural reaction of people is to flee toward the opposite side of the room often resulting in tripping, trampling, and a bottleneck near whatever exit doors are present.

In some cases, the presence of furniture and other obstructions prohibit many from even reaching the exits. This situation has been especially common in attacks against church sanctuaries where the location of pews often block people from quickly reaching exits in the front of the room.

If this concern is foreseen during the initial design phase, solutions are often easy and don’t require major investment. For those with existing buildings, remedy often involves some expense.

If dangerous congestion is predicted at single-door exits, consider enlarging the present exits with the use of double-doors. If enlargement is insufficient or the situation prohibits modifying existing exits, consider installing new exits as illustrated in the following example.

In some cases, the situation can be eased by simply working with what’s available. In several buildings we’ve assessed with this concern, locked doors were present in areas where congestion was predicted providing access to service corridors or private hallways. By unlocking these doors and equipping them with appropriate hardware, we can provide an additional route of escape and ease congestion at the existing exits. However, implementing this solution may require other measures to address new concerns about public access into previously secured areas.

As a final point about escape paths, egress routes should be intuitive and simple to navigate under high-stress conditions. Several years ago I conducted an assessment of a community center building during the final phase of a major renovation. Unfortunately, most construction was nearly finished before we had a chance to offer useful comment. One of my greatest concerns in this situation was the addition of a new building level (earmarked for after-school programs) featuring two stairwells that discharged one level below into a second-floor hallway. After exiting to the second floor, evacuees were required to proceed down the hall to access a different stairwell in order to reach the first-floor exits. Despite the approval of local authorities, this type of complex egress path should be firmly avoided in active shooter planning. In the absence of any alternatives, our advice was to build a robust safe room in the kids’ area with sufficient capacity and train staff that lockdown is their only safe response during an attack.

Exit Signage

Exit signage should be clearly visible inside all work areas and hallways and direct evacuees to the most accessible stairwells or discharge doors. These are obvious points, but this subject is a common problem in many facilities. Where I encounter this issue most frequently is in renovated buildings that have changed their original room configuration or created expansive workspaces with cubicle walls. When facilities reconfigure walls and don’t update exit signage correspondingly, the result is often chaos—Signage directing evacuees to dead ends or locked doors, signage leading into areas with no further direction, locations where no signage is visible, etc.

Another problem, albeit less common, are situations where signage was incorrect from the beginning. Some time ago, I encountered a facility where the exit signage plan was similar to a puzzle game. Most arrows directed me in a circuitous loop around the outside of the floor and nowhere near the exit stairwells (which were positioned in interior hallways). Realizing I was walking in a circle, I followed alternate directional arrows and found myself at a dead end elevator landing with no nearby exits. Bear in mind, we’ve been conducting assessments of this type for years. If I can’t find my way out of a building, it’s likely a deathtrap during an active shooter attack.

If a building is configured with tall cubicle arrangements or corridors constructed of glass walls, consider placing directional signage on the floor if overhead visibility is a problem. In facilities like this, ceiling-mounted exit signage is often difficult to locate due to obstruction or the hall-of-mirrors type atmosphere often created in narrow corridors lined by glass. In these cases, providing additional signage on floors is often effective.

Emergency Stairwells

Exit stairwells should be well illuminated and clear of obstructions. Although these points are universally mandated under building and fire codes, this is another common area of concern.

On the subject of stairwell lighting, IBC permits illumination levels of 1 fc (10.8 Lux) and NFPA dictates 10 fc (108 Lux).[3] [4] Regardless of your location and regulatory mandates, I strongly recommend adopting the NFPA specification of 10 fc (108 Lux) as a minimum guideline. Over the years, I have assessed a number of facilities (particularly in Europe and the Middle East) where stairwell illumination was so poor I needed to use a flashlight to safely navigate the stairs.

Obstruction is another common problem. In the absence of adequate storage rooms, many facilities resort to stairwell landings as convenient spaces for overflow.

The location of stairwells is another issue to consider. In armed attacks against multi-floor buildings, the ground-level is often where the attack originates and may be a dangerous location while an event is active. If building occupants are not aware of the exact location of the threat, the combined effects of fear and lack of situational awareness may make people hesitant to evacuate if they need to navigate through interior hallways to access exits. This issue is often compounded further by the effects of the SNS on problem-solving ability.

To address these concerns, emergency stairwells should ideally discharge directly outdoors through exit doors at ground-level. Stairwells that discharge into lobbies or central hallways should be strictly avoided. If a facility has stairwells that discharge into potentially hazardous areas, employees should be warned of which stairwells to avoid as part of their active shooter training.

If an exit stairwell has multiple doors at ground-level, signage should be clearly visible indicating the proper door for discharge. Although this is not a common problem, I occasionally encounter situations where there are multiple doors at the base of a stairwell and no clear indication of which is the proper exit door. In this situation, choosing the wrong door may be a fateful decision.

Another matter to consider is the possibility of stairwells being used by attackers in navigating the building. During attacks inside multi-level structures, adversaries frequently use stairwells to move between levels. A few examples include attacks at the Virginia Beach Municipal Center (2019), Corinthia Hotel Tripoli (2015), and Washington Navy Yard (2013).[5]

Addressing this concern raises several challenges.

First, it is often cost-prohibitive to install CCTV cameras in stairwells in a manner suitable for tracking movement between floors (and especially in high rise structures). So if we have a control room employing CCTV to monitor the progress of attackers, stairwells are often a blind spot. Second, although IBC permits interior stairwell doors to be locked against entry from the stairwell side, code requires that interior stairwell doors are “capable of being unlocked simultaneously without unlatching upon a signal from the fire command center…[or] signal by emergency personnel from a single location inside the main entrance…” [6] NFPA regulations are different in detail, but the same concern is present. As discussed further in this article, the fail-safe operation of electrified locks is a major concern during active shooter attacks.

To address the possibility of adversaries navigating floors by stairwell, it may be permissible in some locations to install barriers inside existing stairwells featuring secured egress doors and exit bar devices to restrict upward movement. The photo below is an example of this type of barrier using wire mesh and an acrylic panel to prevent manipulation of the door handle. Although I like this approach in concept, code requirements should be carefully assessed before implementing this type of measure.

If the Design Basis Threat is an outsider adversary and placing barriers inside stairwells is permissible, I recommend installing them between ground-level and the next higher floor. This recommendation is based on the fact that most attacks by outsiders initiate at ground-level. In the case of buildings with interior public staircases providing access to second or third levels (such as a hotel with a mezzanine), the placement of stairwell barriers should be adjusted accordingly.

Exit Doors

Exit doors should be clearly visible and identified by overhead signage. Although this is not a common issue of concern, situations occasionally arise where architects have visually concealed the exit doors to create a unified aesthetic appearance. Following is an image illustrating this concern provided by Lori Greene, Manager of Codes & Resources at iDigHardware (Allegion).

Avoid the use of electromagnetic locks on egress doors!

Although mag locks offer versatile benefit in access control design, they present several problems during active shooter attacks. First, building and life safety codes universally require that egress doors equipped with mag locks fail safe (unlocked) during fire alarms. In this situation, every alarm pull station inside the building is a ‘virtual master key’ and will compromise all doors equipped with mag locks with one pull of a handle.[7] We have had multiple attacks where fire alarms were manually activated by building occupants (e.g., 2013 Washington Navy Yard), activated by smoke or dust (e.g., 2018 Marjory Stoneman Douglas HS, 2008 Taj Mahal Hotel Mumbai, etc.), or used by attackers to deceptively herd victims outdoors for ambush (e.g., 1998 Westside Middle School, 2013 UCF, 2015 Corinthia Hotel Tripoli, etc.).[8] [9] [10]

In addition to fire alarms, mag locks also fail safe if electricity is disrupted for any reason such as an extended power outage or if lines are damaged during an explosion. This is a particular concern in situations where the Design Basis Threat includes terrorists employing body-worn IEDs.

As an added concern, electromagnetic locks require door-mounted exit hardware (e.g., switch, lever, etc.) or alternatively, an exit sensor to unlock egress doors when an alarm is not activated. In many facilities I encounter, solitary wall-mounted push-to-exit (PTE) switches are used for this purpose despite code requirements stipulating door-mounted hardware or exit sensors. Furthermore, PTE switches used for this purpose are often small in size and easily overlooked when people are trying to escape under high stress conditions. Poor placement of PTE switches compounds this problem even further. During assessments, I often find PTE switches mounted away from doors in a manner that requires evacuees to stop and scan the area for a switch.

As a tragic example of this concern, in the 2019 shooting at the Al Noor mosque in Christchurch, 17 people were killed while trapped at an exit door operated by a PTE switch. [11] It is unclear from news reports whether the door failed to open because of an electrical problem or if there was difficulty by evacuees in locating and operating the PTE switch.

Exit sensors for mag locks often pose a different problem. If an exit sensor is placed above doors in a high traffic area, every time someone passes the sensor the door is unlocked. I’ve encountered many facilities where intrusion was as simple as waiting outside a door for a few minutes and listening for a click.

An even greater concern is when facilities opt not to install PTE switches or exit sensors on doors as a means of restricting use for fire evacuation only. The image below displays a bank of controlled exit doors at the entrance of an expo hall. To direct patrons to a nearby revolving door, the facility management decided (in violation of code) not to install PTE switches or exit sensors. When I inquired about this matter, I was assured that the fire alarm and/or control room operator would disengage the doors during an emergency. Nevertheless, if the operator is disabled or delayed in responding to an attack, the consequences of mass evacuation through this area would be tragic.

For access control purposes, we generally recommend using electrified panic bar devices or electric strikes with mechanical hardware. During an evacuation, electrified exit bar devices operate identically to mechanical exit bars—push the bar and the door opens. Aside from ease of operation, doors equipped with electrified exit bars and electric strikes can remain secured during power disruption and fire alarms (withstanding stairwell doors and other situations as defined by code).

As a final point about access control, avoid the use of delayed egress on exit doors. Many facilities employ egress delays (15-seconds or 30-seconds) as a means of discouraging occupants from exiting through doors reserved for emergency purposes. Although egress delays are often useful for channeling occupants to designated exits, any measure which delays escape during an attack increases the risk of avoidable casualties.

The following video illustrates how long 30 seconds is while standing at an exit door during an active shooter attack.

Unconventional Exit Options

When normally discussing the topic of egress, ground-level exit doors are presumed to be the main points of building discharge. However, during active shooter events, there are often many opportunities for escape that don’t meet the standards of fire code.

For people located on higher building levels, it is often safer to escape upward toward the roof than downward through stairwells. During the 2015 Charlie Hebdo attack, employees of a company located on the third floor above the Charlie Hebdo office sought safety on the rooftop due to concern about gunfire penetrating their office. In the 2004 attack at the Oasis Compound in Saudi Arabia, two people hid on a roof for two days before rescue. Several employees at Washington Navy Yard’s Building 197 also took refuge on a roof rather than risk harm below.[12]

As part of active shooter training, advise employees about the availability of the roof as a safe area. And if the roof is presently locked, consider placing an escape key near all rooftop doors specifically for use during an active shooter event. If safety concerns override the decision to place escape keys near doors, consider installing electrified locks on the rooftop doors that can be released through a lockdown event macro programmed in the building’s access control software.

During an attack, any window less than three stories or aperture large enough to crawl is a potential route of escape. In the 2007 shooting at Virginia Tech’s Norris Hall, students in Room 204 escaped by jumping out the second story windows of their classroom.[13] During the 2016 siege at the Pulse nightclub, eight people escaped through an air conditioning vent with police assistance. In the 2013 attack at the Westgate Shopping Mall, people in a restaurant also escaped by crawling through an air vent.

If our present building has windows and other unconventional escape opportunities, make note of these options and advise employees during active shooter training. Simply mentioning the examples already cited in this article calls attention to the possibilities and provides a point of reference if employees ever find themselves trapped during an attack.

Now if we are working with an existing structure, it usually doesn’t make sense from a cost-benefit perspective to install new windows or make other building alterations specifically to facilitate unconventional modes of escape. An exception to this might be situations like the Bataclan Theater (described earlier in this article) where the absence of exits is a major concern and there are no options for remedy.

When designing new facilities, consider placing windows in select locations where it is likely people will be trapped during an attack. One example is public restrooms. Although public restrooms rarely feature door locks, they are commonly used by people seeking refuge during active shooter attacks. If we anticipate this problem and the restroom is adjacent to an exterior wall at ground level, install a 24” tall horizontal sliding window just below the ceiling to provide anyone trapped in the restroom with a possible means of escape. If this had been done at the Pulse nightclub, thirteen people might be alive today.[14]

Endnotes

[1] Details provided by a confidential source during the author’s visit to the Leopold Café in 2016.

[2] Details confirmed during the author’s visit to the Bataclan Theater in 2018.

[3] 2015 International Building Code. Chapter 10 (Means of Egress). International Code Council. N.p. 2015.

[4] NFPA 101 7.8.1.3 (1)

[5] After Action Report. Washington Navy Yard. September 16, 2013. Internal Review of the Metropolitan Police Department. Metropolitan Police Department. Washington, D.C. July 2014.

[6] 2015 International Building Code. Chapter 10 (Means of Egress). International Code Council. N.p. 2015.

[7] As a caveat to that statement, NFPA 101 states that the pull stations don’t have to unlock the doors: The activation of manual fire alarm boxes that activate the building fire-protective signaling system specified in 7.2.1.6.2(4) shall not be required to unlock the door leaves. (Comment by Lori Greene, iDigHardware)

[8] Initial Report Submitted to the Governor, Speaker of the House of Representatives and Senate President. Marjory Stoneman Douglas High School Public Safety Commission. January 2, 2019.

[9] After Action Report. Washington Navy Yard. September 16, 2013. Internal Review of the Metropolitan Police Department. Metropolitan Police Department. Washington, D.C. July 2014.

[10] Harms, A.G. UCF After-Action Review. Tower #1 Shooting Incident. March 18, 2013. Final Report. N.p. May 31, 2013.

[11] “’It doesn’t open’: Christchurch mosque survivors describe terror at the door” Stuff. March 28, 2019, https://www.stuff.co.nz/national/christchurch-shooting/111632051/it-doesnt-open-christchurch-mosque-survivors-describe-terror-at-the-door. Accessed 25 March 2020.

[12] After Action Report. Washington Navy Yard. September 16, 2013. Internal Review of the Metropolitan Police Department. Metropolitan Police Department. Washington, D.C. July 2014.

[13] Mass Shootings at Virginia Tech. April 16, 2007. Report of the Review Panel. Virginia Tech Review Panel. August 2007.

[14] Harris, Alex. “New details emerge about where the victims of the Pulse massacre died.” Miami Herald. June 14, 2017, https://www.miamiherald.com/news/state/florida/article144586874.html. Accessed 13 March 2020.

Craig Gundry

CIS consultants offer a range of services to assist organizations in managing risks of active shooter violence.
Contact us for more information.

March 17, 2020August 14, 2020

Considerations for Designing Active Shooter Protection Measures (Pt. 4)

Considerations for Designing Active Shooter Protection Measures (Pt. 4)

Parts 1 and 3 of this series surveyed important principles of physical security and facility preparation for mitigating the consequences of active shooter attacks. Although the concepts described in the preceding articles are universal, there are often unique circumstances that influence how these principles are best applied in different situations.

The following are some preliminary questions to consider with bearing on the practicality and prioritization of security measures.

Is it feasible to employ restrictive entry control and screening measures?

In an ideal situation, entrance into the facility is channeled to a limited number of secured entry points and all entrants are subject to verification and weapons screening before admittance. However, there are many situations where restrictive entry controls are impractical (or impossible) due to reasons of high volume of public traffic, cultural expectations, budget, or low-risk justification. Common examples of this situation include malls, hotels, train stations, entertainment districts, houses of worship, hospitals, multi-tenant office buildings, and similar facilities. This is also a common situation in schools and universities with complex campuses, or where concerns about negative impact on school climate, cost, and operational burden outweigh the risk.

In these situations, an adversary could access populated areas of the facility undetected before commencing an attack. To compensate for this, high priority should be given to measures that simplify rapid escape from public areas and expedite the actions of armed responders. In large buildings (such as multi-level office buildings, schools, hospitals, and hotels), alert communication is critical and safe refuge options should be abundantly available for people unable to escape or who are unaware of the threat’s location.

Although restrictive entry control may not be practical in these cases, it may be worth configuring an access control macro to facilitate the rapid lockdown of exterior doors and high-risk indoor locations if an attack is detected outdoors.

Are there groups of occupants present whose capability to respond is likely impaired or who are unable to easily evacuate during an attack?

This is generally the case in schools, daycare facilities, nursing homes, and hospitals. In these situations, alert communications and ensuring the availability of safe refuge areas are top priorities. In schools and daycare centers, all classrooms should meet criteria as basic-level safe rooms. In hospitals and nursing facilities where it is not feasible to secure patient rooms, measures should be implemented to rapidly secure wards and hallways wings occupied by vulnerable groups. Additionally, all employees caring for vulnerable populations should be trained in lockdown procedures and drill regularly to ensure reliable performance under stress.

In nightclubs and entertainment venues, we often have a different type of concern—alcohol. When considering other conditions typical in nightclubs and party venues (e.g., dense crowds, low lighting, loud music, light shows, etc.), alcohol is the final ingredient in a recipe for disaster. In previous nightclub attacks (e.g., Pulse, Reina, Bataclan Theater, etc.), the reaction of patrons was initially delayed by confusion and followed immediately by panic as occupants fled the direction of danger. To address this concern, priority should be given to designing intuitive and high capacity egress routes in directions away from the main entrance. Ideal preparation also includes options for direct escape from all locations inside the building (incl. restrooms, service hallways, etc.). To further address the problem of confusion, measures should be explored for quickly shutting off the A/V system and illuminating exit doors.

Are there large numbers of people present who are expectedly unfamiliar with the facility?

If yes, careful consideration should be given in the design and marking of egress routes, public notification systems, and training employees in procedures for directing guests’ response.

Does the interior layout of existing buildings provide ample options for occupants to take safe refuge?

In schools, hotels, and many office buildings, the existing indoor layout usually provides adequate options for designating rooms which can be easily upgraded to meet basic requirements as safe rooms. Where I often encounter problems with this matter are industrial facilities, telephone call centers, and office buildings with extensive use of indoor glass walls.

If budget permits, the preferred remedy is to construct (or upgrade) several intrusion-resistant rooms throughout the facility to provide accessible refuge options for employees regardless of location. As a minimum, we recommend at least one safe room per floor wing with adequate capacity for all employees in proximity. In call centers and office buildings with open floor plans, the newly constructed safe rooms can often serve a practical role as conference rooms during day-to-day activities.

If constructing safe rooms where needed is not possible, egress routes should be easily accessible and discharge directly outdoors. Additionally, employees should be trained to know that hiding in an unsecured work area is unsafe and escape is the preferred response when possible. Training should also include a discussion about optional egress paths (e.g., alternative exits, roof access, etc.) and high-risk areas to avoid during evacuation (such as first floor lobbies and central hallways).

If circumstances dictate that escape is the preferred response, situational awareness is critical and measures should be explored for monitoring the movement of attackers by CCTV and relaying real-time updates to employees.

Do cultural expectations or public image concerns restrict the employment of high profile security measures?

This issue frequently arises in corporate and hospitality facilities conscientious about branding. Many schools are also sensitive to this matter considering research by psychologists warning of the potential for negative impact on school climate. In many cases, this concern can be easily addressed by employing locks, barriers, and other hardware with a low profile appearance. Egress design, communications systems, and other infrastructure preparations are generally unnoticed by employees and the public.

Where concerns about high profile measures most often influence protective strategy are decisions about posting armed officers inside the facility and implementing entry screening measures (as described earlier in this article).

As discussed throughout this series, few measures offer as much benefit during an attack as having an on-site armed response force. If an organization is attracted to the idea of armed protection, but hesitant due to public image concerns, some measures can be employed to address this situation.

One option is to stage armed response officers in a location out of public view. Several years ago we aided an organization in evaluating potential security strategies for a parliament building. At the time, the facility was protected by several police officers armed with handguns posted outdoors. Considering the facility’s risk profile and Design Basis Threat (terrorists armed with assault rifles), we strongly recommended they augment their current security force with an on-site tactical response team equipped with military small arms. This proposal was initially rejected due to public image concerns. Our recommendation, in turn, was to stage the team inside a room hidden from public view and within 120 seconds travel time to all critical locations inside the facility. This same approach can be adopted in office buildings, hotels, schools, and any other location where public image is a concern.

Other methods for addressing this concern include substituting plainclothes officers for uniformed personnel and carefully selecting officers for their unique combination of tactical capabilities and interpersonal relations skills.

Is it expectedly safe for people to evacuate the facility during an attack, or is the facility located in a geographic area where escape outdoors is impractical or possibly dangerous?

This is not generally a concern for most facilities. Where this issue most often arises is when a facility is remotely located away from civilization or in hostile threat environments. An example of the first situation would be the Tigantourine gas facility in Algeria targeted by Al-Mourabitoun in 2013. An example of the second situation might be a compound located in a war zone where friendly authorities have little control and hostile actors abound (e.g., 2012 Benghazi attacks).

In these situations, on-site armed response capability is paramount. Additionally, perimeter defensive measures should be designed to provide the armed response force with a tactical advantage and create time for occupants to seek refuge. Additionally, safe havens should be provided capable of advanced delay times and sustained life support under attack by fire, smoke, and other methods of asphyxiation.

Is it feasible to have an on-site armed response capability?

As detailed in Part 1 of this series, barriers need to be designed to delay an adversary’s ingress into populated areas with sufficient time for a response force to intervene. If it is not possible to have an on-site armed response capability, the emphasis often needs to be placed on measures that facilitate delay (e.g., barrier construction, egress design, etc.) and expedite the response of local police.

Are we located in a region where previous incidents often result in a siege or delayed intervention by security forces?

If yes, there may be justification for upgrading safe rooms to an intermediate or high level of protection. As discussed in Part 2 of this series, most previous attacks where adversaries committed time and effort to forcibly enter rooms were in situations where authorities delayed entry. As an added measure, safe rooms in these cases should be equipped with supplies to sustain occupants for the duration of a siege.

Is our Design Basis Threat adversary an insider, outsider, or both?

As explored in Part 2 of this series, the relevancy of many protective measures is directly related to the attacker’s expected access to the facility. The following table is provided as a general guide to the applicability of physical security and facility design measures to different categories of adversary.

These are some of the many questions to consider as part of the physical security and facility design process. In upcoming articles, we’ll explore these issues in greater depth and present examples of how custom protection strategies can be designed for different types of facilities.

The Sympathetic Nervous System (SNS), Situational Awareness, and Active Shooter Attacks

Another important issue to consider in active shooter planning is the potential effects of the Sympathetic Nervous System (SNS) and lack of situational awareness on employee response.

During life-threatening emergencies, the Sympathetic Nervous System (SNS) is often activated. The SNS governs human flight-or-fight response to imminent threat situations. Although the SNS served an important survival function in human evolution, its effects can impair response actions by building occupants during high-stress events. When the SNS awakens, a person’s heart rate may exceed 200 bpm resulting in cognitive impairment, loss of fine motor skills, irrational behavior, or freezing.[1]

In addition to the SNS, rarely during armed attacks do employees have real-time situational awareness of the attacker’s location and activity. The combined effects of the SNS and lack of situational awareness may result in dangerous and sometimes irrational behavior. For example, employees may be hesitant to abandon a presently unsecured location and relocate to a nearby safe room if getting there requires moving through space they cannot see (e.g., around a corner and into another hallway). If a door is equipped with a single-cylinder lock and no thumbturn, employees may be hesitant to open the door to lock it if they fear the gunman may enter the hallway.

Effective active shooter planning should anticipate the effects of the SNS and lack of situational awareness. Every effort should be made to compensate for these challenges by simplifying the expected actions of employees. Some practical examples include establishing emergency phone numbers that are easy to remember and dial under stress, ensuring that mechanical locks on doors feature a thumbturn and do not require a key for locking, providing abundant availability of safe rooms, and ensuring that escape routes do not require complex navigation to access discharge doors.

As an additional point, employees and on-site responders are not the only ones affected during high stress events. Security control room personnel suddenly launched into action with life-and-death consequences (even when remotely located) may experience some of the same impairing effects as people in the ‘hot zone.’ For this reason, critical communications systems should be designed for simplicity and control room personnel should drill regularly to minimize delays or omission of key tasks.

As we continue in upcoming articles, specific recommendations will be offered in hope of avoiding some of the many problems witnessed in previous attacks resulting from SNS impairment and lack of situational awareness .

In the next part of this series, we’ll explore recommendations for protecting people from outdoor ambush and early attack recognition.

Endnotes

[1] Grossman, Dave, and Loren W. Christensen. On Combat: the Psychology and Physiology of Deadly Conflict in War and in Peace. Warrior Science Pub., 2008.

Craig Gundry

CIS consultants offer a range of services to assist organizations in managing risks of active shooter violence.
Contact us for more information.

March 17, 2020August 14, 2020

Facility Preparation for Active Shooter Attacks: Key Objectives (Pt. 3)

Design Basis Threat and The Active Shooter

Facility Preparation for Active Shooter Attacks: Key Objectives (Pt. 3)

In Part 1 of this series, we discussed how the integration of detection, delay, and response functions influences the overall performance of physical security. In security designs aimed at the protection of inanimate assets (such as theft prevention and anti-sabotage situations), hardware components and physical construction (e.g., anti-personnel barriers, alarm systems, CCTV, etc.) are often the primary elements facilitating detection and delay. However, in the case of active shooter attacks, anticipating the actions of facility occupants is critical in designing a successful system.

Most organizations concerned about active shooter attacks have adopted the US Department of Homeland Security’s classic ‘Run-Hide-Fight’ doctrine as the basis for designing facility emergency action plans and training employees. This simplified response guidance is presented as a prioritized list of preferred protective responses when an active shooter attack is recognized. “Run,” for instance, should always be the first option when the opportunity is present. If “Run” is not possible, then “Hide” is the next prioritized option.

Although “Run” is generally the most preferred response, there are situations where attempting escape may be more dangerous than simply remaining in place. A good example is a multi-story building when an attack is launched at ground level. Rarely during attacks do people in the “hot zone” have accurate and real-time knowledge of the attacker’s location and safe routes of escape. In this situation, trying to evacuate through lower levels of the building where possible massacre is in progress may be far more dangerous than barricading in a nearby safe location.

To ensure best performance during armed attacks, facilities should be designed or upgraded to support these response actions and proactively address common challenges faced by people during life-threatening events.

Physical Security and Active Shooters: Key Objectives

The following points summarize key measures for protecting facility occupants during active shooter events.

Delay the attacker’s ingress into populated areas to permit time for critical alerts, escape and refuge actions, and deployment of the response force. (DELAY)

Protective layers should be designed to delay adversary movement into populated areas. If the attacker is an ‘outsider,’ this includes exterior barrier layers (e.g., facade glazing, doors, locks, etc.) and delay measures at entry points and public reception areas (e.g., lobbies, etc.). Additional protective layers securing work suites and high-valued assets (e.g., executive offices, etc.) should be used to frustrate adversary ingress further and provide critical delay against movement by ‘insider’ adversaries already located inside the building.

Expedite detection and assessment of the threat. (DETECTION)

As discussed in Part 1 of this series, time is critical during active shooter events and every measure that expedites detection of the attack and deployment of an armed response force is critical in mitigating consequences. Measures that expedite event notification to security or authorities, such as panic alarms or gunshot detection systems, can greatly reduce the typical reporting times normally encountered by relying on witnesses to call an emergency number by telephone.

Rapidly and reliably alert all facility occupants. (DETECTION)

A critical part of effective response during active shooter events is fast and reliable alert to expedite protective actions by employees. Critical alerts should ideally be issued by audible means (public address) for the benefit of all facility occupants, and where feasible, followed by a redundant mass notification system (MNS) message for those who may not have heard the initial announcement. When important developments occur, updates can be issued to employees as follow up messages.

Facilitate easy and rapid evacuation/escape by employees and facility guests. (DELAY)

For employees located outdoors, ground level, or in building locations without safe refuge options, escape (DHS’ term ‘Run’) is the primary response. Escape routes should be abundantly available, easy to locate, and permit fast and unobstructed egress to safe locations away from the facility.

Provide safe refuge options for employees and facility guests unable to safely evacuate or who are unaware of the threat’s location. (DELAY)

One of the most basic facility preparations is ensuring adequate availability of safe rooms for people to take refuge if escape is not feasible. For this purpose, rooms should be abundantly available throughout the facility capable of providing adequate delay against forced entry considering the methods and tools likely to be employed by attackers.

Expedite the intervention of a response force capable of neutralizing an armed adversary. (RESPONSE)

Although many active shooter attacks terminate in suicide before the intervention of police or security forces, the speed at which security or police arrive and locate the adversary has a major impact on consequences of the event.

In an ideal scenario, police or armed security officers would be assigned to reliably ensure fast response times. If an organization cannot implement an on-site armed response capability, additional measures should be used to expedite the effective response of local police. Some examples include marking buildings on multi-building campuses with distinctive signage to ease location, establishing procedures for orienting and directing law enforcement officers as they arrive on scene, and preparations for providing building keys, access control badges, and floor plans to facilitate unimpeded movement by police.

Ensure employees are prepared to respond safely and without direction.

Even the best designed plans and facility preparations will fail if employees are unprepared to take independent action for their self-preservation during active shooter events. As detailed further in Part 4 of this series, the effects of the sympathetic nervous system during high stress events and lack of situational awareness can have a debilitating effect on employee response and even lead to dangerous actions. The first step in combating this problem is training employees in emergency response procedures.

The Department of Homeland Security and various municipalities throughout the US have produced short videos useful for this purpose. It is also recommended that training include instructor-led discussion about facility-specific measures for contacting security or police, location of suitable safe rooms inside the facility, special egress considerations (e.g., feasibility of roof access, etc.), communications systems, and location of medical kits.

In the next part of this series, we’ll explore common challenges and unique circumstances that often influence how these principles are best applied in different facility situations.

Craig Gundry

CIS consultants offer a range of services to assist organizations in managing risks of active shooter violence.
Contact us for more information.

March 17, 2020August 14, 2020

Design Basis Threat and The Active Shooter (Pt. 2)

Who exactly are we trying to protect ourselves against when we use the term “active shooter?”

For many, the answer to this question seems obvious—a “bad guy” killing people at random with a gun. However, this type of vague definition provides little guidance for developing an effective security design. A more useful definition considers:

- How many adversaries would possibly be involved in an attack?
- What is their level of skill?
- What types of weapons would they bear?
- What tools and methods of entry would they employ?
- Would the attacker(s) likely be an insider, outsider, or potentially either?
- Has the adversary employed any unique modus operandi in previous attacks?

Although many aspects of active shooter preparation are universal, these types of details have a major influence on the performance of our protective design and the benefit of system components (e.g., anti-personnel barriers, ballistic protection, etc.). Additionally, if our budget is limited, the answers to these questions can often guide us in prioritizing vulnerabilities of greatest concern.

As a security consultant, I’m frequently called on to assess facilities that have already invested in protective upgrades. In these situations, I frequently find examples of overlooked vulnerabilities, overconfidence in protective measures, or wasted expenditure. And these problems often stem from failing to define the attacker’s likely capabilities and methods as a driving factor in the original security design.

In professional approaches to security planning, this is the role of the Design Basis Threat (DBT) or Threat Definition. A DBT (or Threat Definition) provides a description of an adversary’s likely capabilities and tactics essential for determining the expected performance of security measures and identifying attack scenarios that should be addressed in security design.

Considerations for Developing a Design Basis Threat

Number of Attackers

The number of adversaries has a direct relationship to the potential effectiveness of our response force (i.e., Probability of Neutralization) and may influence the behavior of adversaries during attacks. One practical example is the likelihood of adversaries forcibly entering secured rooms to locate targets. Many documented incidents where adversaries forcibly entered locked rooms to seek targets involved more than one perpetrator.[1]

In the United States, the spectrum of active shooter adversaries has historically been quite diverse with most attacks committed by non-ideologically motivated perpetrators in alignment with Dr. Park Dietz’s definition of a pseudocommando.[2] The majority of these attacks are executed by a single attacker withstanding a handful of notable exceptions (e.g., 1998 Westside Middle School, 1999 Columbine High School, 2011 South Jamaica House Party, and 2012 Tulsa[3]). Historically, most terrorist-related active shooter attacks in the United States also involved only one perpetrator with exceptions including the 2015 San Bernardino and 2015 Curtis Culwell Center attacks.

Regional trends in adversary characteristics vary greatly in different parts of the world. In locations where terrorist attacks are the predominant concern, the number of perpetrators in attacks is often higher. In a study of 20 Marauding Terrorist Firearms Attacks (MTFA) conducted by the Critical Intervention Services in 2015, 1-2 perpetrators was most common in active shooter assaults in Europe with notable exceptions being events such as the 13 November Paris attacks.[4] In Africa, by contrast, terrorist groups such as Al-Shabaab frequently use teams of 4-9 attackers in assaults on civilian locations such as the Westgate Shopping Mall (2013), Garissa University (2015), and numerous hotels in Mogadishu.[5]

Relationship to the Facility/Organization

Is the adversary possibly an “insider” (e.g., current student, employee, etc.)? Or do the characteristics of our organization and environmental circumstances likely limit our concern to “outsider” adversaries? The answers to these questions often determine the relevance and priority of protective measures.

For instance, if the adversary is most likely an outsider, protective measures associated with perimeters, building facades, and entry controls are a high priority. By contrast, if the probable adversary is an insider, it is often wise to focus on indoor protective measures if the budget is a limiting concern.

In school settings, the probable type of adversary is largely influenced by the age of students. Withstanding a handful of plots, shooting events in primary schools have been executed by adult-aged outsiders (e.g., 2017 North Park Elementary School, 2012 Sandy Hook, 2006 West Nickel Mines, etc.) and a handful of expelled students (e.g., 2016 Townville Elementary School). In secondary schools, the spectrum of perpetrators is more diverse including both current and former students, and to a lesser degree, adult-aged outsiders.

In closed workplace settings, the majority of mass shootings are committed by current or former employees (e.g., 2020 Molson Coors, 2019 Henry Pratt Co., 2019 Virginia Beach Municipal Center, etc.). Although less common than employee-related shootings, there have also been cases of nonemployees (outsiders) targeting businesses for reasons of personal or ideological grievance such as the 2018 shooting at YouTube headquarters and the 2015 Charlie Hebdo attack.

In attacks against houses of worship and ethnic cultural centers, outsider adversaries motivated by ideology or reasons of personal grievance have been most common. Some recent examples include attacks at the Poway Synagogue (2018), Tree of Life Synagogue (2018), First Baptist Church (2017), Burnette Chapel Church of Christ (2017), Emanuel AME Church (2015), and Overland Park Jewish Center (2014).

Outsiders have also been the dominant category of adversary in attacks against public entertainment venues such as nightclubs, theaters, entertainment districts, and festivals. In many of these situations, the venue is targeted due to mass casualty potential or the characteristics of its patrons. Examples in recent years include attacks at the Nels Peppers Bar (2019), Gilroy Garlic Festival (2019), Borderline Bar and Grill (2018), Jacksonville Landing (2018), Route 91 Harvest Festival (2017), Reina nightclub (2017), and Pulse nightclub (2016). Although most attacks in entertainment facilities are premeditated, there have also been cases of disputes among patrons escalating into mass violence such as the 2017 shootings at the Power Ultra Lounge and Cameo nightclub.

In situations where terrorism is the primary concern, outsider adversaries should be the first priority. Although there have been attacks executed by radicalized employees (e.g., 2019 Naval Air Station Pensacola, 2015 Inland Regional Center, 2009 Fort Hood, etc.), the overwhelming majority of terrorist armed assaults are executed by outsiders.

Entry Tools and Methods

The delay time value of barriers (e.g., doors, locks, glazing, etc.) is directly related to the tools and methods adversaries may use to breach our barriers. Attacker tools and entry methods was one of the issues the CIS MTFA study team examined with the aim of creating a research-supported justification for defining threat capabilities.[6] Of the attacks assessed as part the study, in none of the events did attackers arrive equipped with tools (other than firearms) for the specific purpose of penetrating barriers. In case research conducted by CIS about other armed attacks against facilities over the past 20 years, the number of incidents where adversaries brought tools specifically for forced entry purposes was few. In the majority of attacks, forced entry was facilitated exclusively by blunt object impact (e.g., kicking, beating with rifle butt stock, etc.) and sometimes aided by bullet penetration or cutting with a bladed weapon.

For the purpose of designating or planning potential safe rooms, another issue worth considering is adversary effort and commitment to attack people located inside locked rooms. Joseph Smith and Daniel Renfroe describe their observations on this matter in an article on the World Building Design Guide web site: “Analysis of footage from actual active shooter events have shown that the shooter will likely not spend significant time trying to get through a particular door if it is locked or blocked. Rather they move to their next target. They know law enforcement is on its way and that time is limited. “[7] Separate case study research conducted by Critical Intervention Services also supports this perspective.

In a large percentage of attacks, adversaries focus solely on targets of easiest opportunity by using visually-obvious pathways and unlocked/unobstructed portals (e.g., doors, windows, etc) to facilitate indoor movement. This behavior may be due to perceived time pressure (“kill as many as possible before the police arrive”) or possibly diminished problem-solving ability resulting from activation of the Sympathetic Nervous System (SNS). In most documented attacks where adversaries committed effort to forcibly enter locked rooms, intervention by police or security forces was delayed and adversaries had exhausted all targets in accessible areas.

When developing a DBT for use in a region where the main threat concern is a particular terrorist group, research should focus on identifying any unique tactics or preferences for entry methods demonstrated in previous attacks. Al-Shabaab, for instance, has employed disguise and deceptive entry tactics for gaining access through the outer perimeter of several protected facilities in Somalia. If we were developing a DBT for Al-Shabaab, it would be wise to consider attack scenarios employing deception and disguise in addition to overt entry methods.

Weaponry

Weaponry influences the potential effectiveness of our response force, and caliber and type of ammunition determines the effectiveness of ballistic barriers in resisting bullet penetration.

According to FBI statistics, handguns were the most powerful firearm used in most attacks (59%) with rifles constituting 26% of incidents.[8] Although the FBI has not published statistics on weapon calibers used in active shooter attacks, most mass casualty attacks where rifles were employed in the United States involved 5.56mm weapons with examples including assaults at the Pulse Nightclub (2016), Inland Regional Center (2015), Sandy Hook Elementary School (2013), and Aurora Century 16 Theater (2012).

Outside the United States, 7.62x39mm weapons (AK-47) have been most common.

Likelihood of a Hostage/Siege Event

Although not directly related to adversary capabilities, another possible factor to consider is the likely duration of an event. If the adversary is a terrorist group with a specific preference for hostage-taking or if we are located in a region where there has often been delayed intervention by police/security forces, circumstances may justify a more advanced level of preparation.

In the 2015 CIS MTFA study, 35% of all attacks escalated into a siege by police/security forces upon arrival. In a number of these incidents, intervention was delayed due to early confusion about the event (“hostage situation” versus “armed massacre”). Some events resulted in a siege when arriving police or security forces were overwhelmed by the adversary’s firepower and withdrew pending the arrival of more assistance. In other events, police and security forces made committed entry but the size of facility and movement of the attackers inside the building delayed location and neutralization of the adversaries (e.g., 2019 Virginia Beach Municipal Center, 2013 Washington Navy Yard, 2015 Corinthia Hotel Tripoli, etc.).

Incidents documented in the CIS study that escalated into a siege had a duration ranging between 2h 24m and est. 96 hours, with a mean duration of 21h 44m. Although most events resulting in siege durations over 2 hours were in Africa or West Asia, recent incidents have occurred in Western countries with effective response times over 2 hours such as the 2016 Pulse Nightclub shooting (194 minutes from first call to 911) and Bataclan Theater (~156 minutes from first call to 112).

Developing a Design Basis Threat for Active Shooter Attacks

In the government community, many organizations promulgate official DBT statements to serve as a standardized reference throughout the organization. For instance, the Interagency Security Committee (ISC) in the United States produces a Design Basis Threat (DBT) document for use during risk assessments and security planning in Federal facilities. The ISC DBT includes several threat scenarios related to armed attack with narrative descriptions of the event, and adversary characteristics such as numbers of adversaries, weaponry, tactics, etc.

The US Department of Defense also provides similar guidance for DoD facilities in UFC 4-020-01 “DoD Security Engineering Facilities Planning Manual.”[9] In Table 3-27, DoD presents a generic DBT (Threat Parameters) including several categories of Aggressor Tactics and a system for defining progressive levels of threat. Each threat level is attributed a corresponding description of weaponry, toolset, and/or delivery method.

As a consultant, I am not an advocate of adopting generic DBTs unless required by official mandate. Instead, I prefer using a research-based approach which considers the specific characteristics of relevant adversaries, historical attack data, regional trends, and similar issues. This type of approach is often more laborious, but results in a custom DBT that is rational, justifiable, and specific to the threat situation.

When developing a custom DBT, I typically begin by collecting data about attacks against similar facilities in the region or attacks perpetrated by adversaries of relevance with focus on weaponry, number of attackers, and tactics. The following table illustrates how this type of data collection might be applied for a facility in Kenya where Al-Shabaab is the primary adversary of concern.

After data has been collected, a threat definition is then developed representing likely adversary capabilities and modus operandi. In a basic approach, the DBT is written to match any capabilities well established by trend or average. In a cautious or very cautious approach, the DBT matches or exceeds the highest level of capability as demonstrated in previous attacks.

Even in situations where there are no unique adversary groups to serve as a model, this same type of research-supported approach can be applied for creating a non-specific, but justifiable DBT. Following are some examples of reasonable threat definitions based on historical attack data and well-established trends in different regions of the world.

Endnotes

[1] Examples including the 2015 Corinthia Hotel Tripoli attack and 2008 Taj Majal attack.

[2] Dietz, Park D. “Mass, Serial, and Sensational Homicides.” Bulletin of the New York Academy of Medicine. 62:49-91. 1986.

[3] Blair, J. Pete, and Schweit, Katherine W. A Study of Active Shooter Incidents, 2000 – 2013. Texas State University and Federal Bureau of Investigation, U.S. Department of Justice, Washington D.C. 2014. pp. 7. PDF. (The 2011 South Jamaica and 2012 Tulsa shootings are specifically noted as the only events involving more than one attacker in the FBI’s study of U.S. domestic active shooter attacks between 2000 and 2013.)

[4] Gundry, Craig S. “Analysis of 20 Marauding Terrorist Firearm Attacks.” Preparing for Active Shooter Events. ASIS Europe 2017, 30 Mar. 2017, Milan, Italy.

[5] Gundry, Craig S. “Threat Assessment Methodology and Development of Design Basis Threats.” Assessing Terrorism Related Risk Workshop. S2 Safety & Intelligence Institute, 25 Apr. 2017, Brussels, Belgium.

[6] Gundry, Craig S. “Analysis of 20 Marauding Terrorist Firearm Attacks.” Preparing for Active Shooter Events. ASIS Europe 2017, 30 Mar. 2017, Milan, Italy. (Presentation included results of an unpublished 2015 study by Critical Intervention Services.

[7] Smith, Joseph, and Daniel Renfroe. “Active Shooter: Is There a Role for Protective Design?” World Building Design Guide, National Institute of Building Sciences, 2 Aug. 2016, www.wbdg.org/resources/active-shooter-there-role-protective-design. Accessed 22 Sept. 2017.

[8] Blair, J. Pete, Martaindale, M. Hunter, and Nichols, Terry. “Active Shooter Events from 2002 to 2012.” FBI Law Enforcement Bulletin. Federal Bureau of Investigation, 1 July 2014, https://leb.fbi.gov/2014/january/active-shooter-events-from-2000-to-2012. Accessed 22 Sept. 2017.

[9] UFC 4-020-01, DoD Security Engineering Facilities Planning Manual. US Department of Defense, N.p.: 2008.

Craig Gundry

CIS consultants offer a range of services to assist organizations in managing risks of active shooter violence.
Contact us for more information.

March 17, 2020August 14, 2020

Physical Security Design and The Active Shooter (Pt. 1)

Physical Security and Active Shooter Attacks

Physical Security Design and The Active Shooter (Pt. 1)

When many people think of physical security, the first ideas that come to mind are things like locks, alarm systems, screening with metal detectors, CCTV, etc.—hardware components or procedures. Although these elements play a role in physical security, they have no value outside the context of the overarching system design.

In the context of active assailant attacks, performance-based physical security design integrates Detection, Delay, and Response elements in a manner that mathematically reconciles the time required for an adversary to commence mass killing and the time required for detection and response by security or police.

Fundamentally, physical security design is a mathematics problem defined by several key times and probabilities. The main performance metric of a Physical Protection System (PPS) design is its Probability of Interruption, defined as the probability that an adversary will be detected and intercepted by a response force before he/she can complete their objective.[1] The most important elements determining the Probability of Interruption are the Adversary Task Time (total time required for an adversary to enter a facility and access their target) and response force time. If the total time for detection, assessment, communications, and response force intervention is longer than the adversary task time, the system will fail. Specific elements alone (such as having an access control system or CCTV cameras) mean nothing outside the context of the overall system design. Individual PPS elements must work together integrally to reconcile these key times or the adversary will succeed.

In the context of active shooter events, detection usually is the result of visual or audible observation when the attack commences. Detection may also result from an alarm signal generated by forced entry into secured spaces or gunshot detection systems. The Time of Detection during an attack is represented in figure 1 as T_D.

The time the report is received by authorities and/or assessed by a security control room for deployment of on-site armed officers is represented in the diagram as TA (Time of Assessment).

After the 911/112 center or security control room is alerted, the response force is subsequently dispatched to intercept and neutralize the adversary. This is represented in the following diagram as the Time of Interruption (TI).

While the alert and response force deployment is in progress, the adversary advances through barriers and distance to access targets and initiate mass killing. The time mass killing is in progress is represented in the previous diagram as Time of Completion (T_C). The Adversary Task Time is the cumulative time between the Time of Detection and the Time of Completion. If the Time of Interruption is before the Time of Completion, the Physical Protection System (PPS) is successful in its function of preventing mass killing.

In most previous active shooter attacks, deficiencies in one or more key functional elements (Detection, Delay, or Response) result in a situation where mass killing (T_C) initiates before the response force intervenes (T_I).

Based on data yielded during several studies of active shooter attacks, the consequences of the difference in time between commencement of mass killing and response force intervention (TC versus TI) can be estimated as one casualty per 15 seconds.[2]

Although the ideal objective of PPS design is to interrupt mass killing before it commences, real world conditions often limit the possibility of achieving a high Probability of Interruption. This type of situation is often common in ‘soft target’ facilities due to the need for unobstructed public access and facilities reliant on the unpredictable response times of off-site police. Other real world challenges such as cultural expectations, branding, and budget boundaries often limit the feasibility of implementing ideal physical security measures. And if an attack is launched by an insider adversary (e.g., employee, student, etc.) already inside the facility, physical protection elements at outer protective layers (e.g., perimeter, building envelope, entrances, etc.) will have little or no benefit.

Nevertheless, all measures that increase Adversary Task Time and expedite response time have a direct benefit in reducing potential casualties by narrowing the gap between TC and TI.

Sandy Hook Elementary School, 14 December 2012: Case Study of Performance-Based Physical Security Principles in Practical Application

At approximately 09:34, Adam Lanza used an AR-15 rifle to shoot through a tempered glass window adjacent to the school’s locked entrance doors and passed into the lobby.[3]

After killing the school principal and a school psychologist and injuring two other staff members who entered the hallway to investigate, Lanza entered the school office. Meanwhile, staff members concealed inside the school office and nearby rooms initiated the first calls to 911. Staff located throughout the building were alerted when the ‘all-call’ button on a telephone was accidentally activated during a 911 call.

After finding no targets in the office, Lanza returned to the hallway and proceeded into the unlocked door of first grade classroom 8 where mass murder commenced (approx. 09:36).[4] In less than two minutes, Lanza killed two teachers and fifteen students.

As the attack in classroom 8 was in progress, teacher Victoria Soto and a teaching assistant in classroom 10 attempted to conceal children in cabinets and a closet.

After exhausting targets in classroom 8, Lanza proceeded into classroom 10 and killed Ms. Soto, assistant Anne Murphy, and five children. Although the exact reason Ms. Soto did not lock the door to classroom 10 is unknown, all classrooms at Sandy Hook Elementary School featured ANSI/BHMA “classroom-function” (mortise F05 and bored F84) locks which can only be locked with a key from the hallway-side of the door.

The tragedy ended in classroom 10 when Lanza committed suicide at 09:40 while police were preparing for entry into the building.

As common in U.S. primary schools, Sandy Hook Elementary School relied on off-site police as their response force during emergency events. Response was first initiated at 09:35 when a staff member called 911 to report the crisis. At 09:36, an alert was broadcast by radio and police units were dispatched to the school. The first police unit arrived at 09:39, followed immediately by two other units. After assessing the scene and planning a point of entry, the officers organized into a contact team and made entry into the school at 09:44.

In the context of physical protection system performance, the adversary task time (time between when Lanza’s entry commenced and mass killing was in progress) at Sandy Hook Elementary School was approximately 23 seconds. The time between detection of the attack and on-site arrival of police was slightly less than three minutes. However, there was an additional 5-6 minutes of time as officers assessed the situation and organized before making entry and effectively moving indoors to neutralize the killer. When assessing incidents involving response by off-site police, arrival time at the scene is irrelevant. What matters is the time ending when police arrive at the immediate location of the adversary ready to neutralize the threat. This describes the contrast between On-Site Response Time and Effective Response Time. At Sandy Hook Elementary School, the Effective Response Time was approximately nine minutes.

As illustrated in the following table, the variation between Adversary Task Time and Effective Response Time witnessed at Sandy Hook Elementary School has been historically common during active assailant attacks. In each of the six events documented below, mass killing was in full progress within 1-3 minutes of the time the attacker entered the building or shot the first victim. By comparison, the Effective Response Times ranged between 7 and 38 minutes, with most events ending prior to intervention by police when the attacker(s) escaped or committed suicide.

Mitigating the consequences of active shooter attacks through better physical security design and integration

In the Newtown tragedy, PPS failure was largely the result of inadequate delay in relation to the time required for response by off-site police. When the attack is analyzed using Sandia’s Estimate of Adversary Sequence Interruption (EASI) Model, the original PPS at Sandy Hook Elementary School would have had a Probability of Interruption of 0.0006 (Very Low).

In the case of Sandy Hook Elementary School, there are a number of measures that could have improved overall system performance.

Upgrade the facade with intrusion-resistant glazing. Adam Lanza entered the building by bypassing the locked entrance doors and shooting a hole through the adjacent tempered glass window. He then struck the fractured window and climbed through the breach. Tempered safety glass is generally only 4-5 times resistant to impact as annealed glass and provides minimal delay against forced intrusion. According to testing documented by Sandia National Laboratories, 0.25 inch tempered glass provides 3-9 seconds of delay against an intruder using a fire axe and the mean delay time for penetrating 1/8″ tempered glass with a hammer is 0.5 minutes.[5] However, impact testing documented by Sandia did not account for the fragility of a tempered glass specimen after first being penetrated by firearm projectile. In penetration tests Critical Intervention Services conducted of 1/4-inch tempered glass windows using several shots from a 9mm handgun to penetrate glazing prior to impact by hand, delay time was only 10 seconds.[6]

Upgrading facade glazing with the use of mechanically-attached anti-shatter film could have improved delay time at the exterior protective layer by 60-90 seconds.[7]

Construct an interior protective layer to delay access from the lobby into occupied school corridors. Once Adam Lanza breached the exterior facade into the school lobby, there were no additional barrier layers delaying access into areas occupied by students and faculty. A significant percentage of active shooter assaults by outsider adversaries originate through main entrances and progress into occupied spaces.[8] Some examples include attacks at the Riena Nightclub (2017), Pulse Nightclub (2016), Charlie Hebdo Office (2015), Inland Regional Center (2015), Colorado Springs Planned Parenthood (2015), Centre Block Parliament Bldg (2014), and US Holocaust Memorial Museum (2009).

An ideal lobby upgrade would be designed to facilitate reception of visitors while securing the interior of the school through a protective layer constructed of intrusion-resistant materials. Depending on material specifications, an interior barrier layer could have delayed Adam Lanza’s progress into the school by an additional 60-120 seconds.

Replace “classroom-function” locks on school doors with locks featuring an interior button or thumbturn. All classroom doors inside Sandy Hook Elementary were equipped with ANSI “classroom-function” locks (mortise F05 and bored F84). These are perhaps the worst choice of locks possible for lockdown purposes during active shooter events. As witnessed in a number of attacks, doors equipped with classroom-function locks often remain unlocked due to difficulty locating or manipulating keys under stress. In addition to Sandy Hook classroom 10, another incident where this situation clearly contributed to unnecessary casualties was the 2007 Virginia Tech Norris Hall attack.[9] In these two events alone, 26 students and faculty were killed and 24 wounded specifically because the doors to classrooms could not be reliably secured.

Ideal specifications for door locks would be ANSI/BHMA A156 Grade 1 with an ANSI lock code of F04 or F82.[10] Mechanical locks rated ANSI/BHMA Grade 1 have been successfully evaluated under a variety of static force and torque tests. Locks coded as F04 and F82 feature buttons or thumbturns to facilitate ease of locking under stress.

Although there are no empirical sources citing tested forced entry times against ANSI/BHMA A156 Grade 1 rated locks, it is estimated that a committed adversary using impact force with no additional tools could penetrate improved locks in approximately 90-110 seconds.

Replace door vision panels with intrusion-resistant glazing. During the attack at Sandy Hook Elementary, Adam Lanza was able to enter classrooms 8 and 10 directly through unlocked doors. If these classrooms were secured, the tempered glass vision panels on all classroom doors could have been easily breached to facilitate entry in less than 10 seconds.

An effective approach to physical security specification would ensure that all barriers composing the classroom protective layer are composed of materials with similar delay time values. This could be accomplished by ensuring that vision panels are no wider than 1.5″ (3.8 cm) or constructed of intrusion-resistant glazing such as laminated glass, polycarbonate, or reinforced with anti-shatter film.

If the aforementioned barrier improvements were employed in the PPS design at Sandy Hook Elementary School, Adam Lanza’s access into occupied classrooms would have been delayed by an additional 162-312 seconds. This would have improved the overall performance of the PPS by potentially increasing the Adversary Task Time to 185-335 seconds before mass killing was in progress. Although this is a significant improvement from the original Adversary Task Time (est. 23 seconds), 335 seconds is still less than the estimated response time of police during the original event (est. 544 seconds).

In many cases, accomplishing the performance-based objective of interrupting an active shooter before mass killing commences requires a combined approach aimed at both increasing delay time and decreasing response force time. In the case of Sandy Hook Elementary School, decreased response time could have been facilitated by the use of gunshot detection technology or duress alarms, improved communications procedures, and similar improvements. Any measure that decreases alert notification and response times has a beneficial impact on system performance. Even if enhancements only reduce response time by 10 or 15 seconds, such improvements have the theoretical benefit of reducing casualties by one victim per fifteen seconds of decreased response time.

In the situation of Sandy Hook Elementary School, the greatest improvement could have resulted from having an on-site response force (e.g., armed school resource officer) capable of reliably responding anywhere on the school campus within 120 seconds of alert.[11] If this measure were implemented, the total estimated alert and response time could have been improved to 147-157 seconds. When compared to the increased Adversary Task Time of 206-316 seconds, the improved PPS design would have likely resulted in interruption before mass homicide commenced. When analyzed using Sandia’s Estimate of Adversary Sequence Interruption (EASI) Model, the improved PPS would have resulted in a Probability of Interruption of 0.87 (Very High).

The following table and spreadsheet models the PPS improvements described in this article to demonstrate how performance-based physical security design can influence the outcome of armed attacks.

Threat Characteristics and Physical Security Performance

The delay time expectations of physical barriers cited in this article were based on the weaponry and methods of entry employed by Adam Lanza at Sandy Hook Elementary School. If Lanza had employed different tools or methods, the delay time of barriers would have correspondingly been different. The same principle is true for bullet-resistant barriers. The ballistic resistance of materials is directly relative to the caliber and type of ammunition used by an adversary.

To ensure a security design performs as expected, it is first necessary to establish a definition of the adversary’s likely capabilities and tactics. In Part 2 of this series, we’ll continue this discussion by exploring trends in the behavior of attackers, threat capabilities and methods, and approaches to developing a Design Basis Threat (DBT) suitable for security planning.

Endnotes

[1] Garcia, Mary Lynn. Design and Evaluation of Physical Protection Systems. Burlington, MA: Elsevier Butterworth-Heinemann, 2007.

[2] Anklam, Charles, Adam Kirby, Filipo Sharevski, and J. Eric Dietz. “Mitigating Active Shooter Impact: Analysis for Policy Options Based on Agent/computer-based Modeling.” Journal of Emergency Management 13.3 (2014): 201-16.

[3] Sedensky, Stephen J. Report of the State’s Attorney for the Judicial District of Danbury on the shootings at Sandy Hook Elementary School and 36 Yogananda Street, Newtown, Connecticut on December 14, 2012. Danbury, Ct.: Office of the State’s Attorney. Judicial District of Danbury, 2013. Print.

[4] Time estimated based on witness event descriptions and assessment of time required to walk through the school office and down the corridor to classroom 8.

[5] Barrier Technology Handbook, SAND77-0777. Sandia Laboratories, 1978.

[6] Critical Intervention Services assisted a window film manufacturer in 2015 in conducting a series of timed penetration tests of 1/4-inch tempered glass windows with mechanically-attached 11 mil window film. The tests involved penetration by firearm followed by impact (kicking and rifle buttstock). The delay times ranged from 62 to 94 seconds and deviated according to the aggression of our penetration tester.

[7] Ibid.

[8] Gundry, Craig S. “Analysis of 20 Marauding Terrorist Firearm Attacks.” Preparing for Active Shooter Events. ASIS Europe 2017, 30 Mar. 2017, Milan, Italy.

[9] Mass Shootings at Virginia Tech. April 16, 2007. Report of the Review Panel. Virginia Tech Review Panel. August 2007. pp.13.

[10] ANSI/BHMA A156.13, Mortise Locks and Latches. Builders Hardware Manufacturers Association (BHMA), New York, NY, 2011.

[11] CIS Guardian SafeSchool Program® standards define a performance benchmark of 120 seconds as the maximum time for acceptable response by on-site officers. However, achieving this type of response time in many facilities requires careful consideration of facility geography, communications systems, access obstructions, and officer capabilities (e.g., training, physical conditioning, etc.).

Craig Gundry

CIS consultants offer a range of services to assist organizations in managing risks of active shooter violence.
Contact us for more information.

March 17, 2020August 14, 2020

Facility Preparation and The Active Shooter Threat (Main Article)

Comprehensive risk management programs employ a multi-layered approach to reducing the risk of active shooter violence. Issues such as threat recognition and assessment, reinforcement of positive workplace/school climate and culture, suspicious activity recognition and reporting, emergency planning, and employee training all contribute to reducing the risk of active shooter attacks. However, if measures employed to prevent attacks are unsuccessful or an outsider targets the facility in a manner that evades our proactive influence, physical security and infrastructure readiness are crucial factors influencing the consequences of the event.

In recent years, much has been published focused on managing risks of active shooter violence through preventive approaches and response training. Organizations such as the US Department of Homeland Security, ASIS International, and the Association of Threat Assessment Professionals offer a wealth of information to assist in developing threat assessment and management programs and training employees in active assailant response.

Unfortunately, far less attention has been devoted to equally important matters of building design and physical security. Withstanding a handful of essays and school-related publications, there is little guidance in print about designing and preparing facilities for active shooter violence. Further, most guides that have explored this subject to date have been basic and tend to overlook important vulnerability issues and technical details.

The following collection of articles aims to address this situation and serve as a comprehensive design guide and technical reference for architects, building managers, and security professionals. The essays in this series were originally prepared for a book I have been writing for the past few years. Although I will probably submit the final body of work for print when everything is complete, we have decided to publicly release what has been written thus far in hope of filling the gap in current literature.

Protective Design Concepts

Parts 1-4 of this series provide an overview of protective strategy for reducing active shooter risk, principles of performance-based physical security, and practical issues that should be considered during the design process.

Universal Protective Measures

Parts 5-14 of the series address specific preparation matters applicable to most facilities including topics such as secure entry control, safe rooms, egress design, and emergency communications infrastructure.

1. 1. Outdoor Protective Measures
  2. Building Envelope & Entrance Design
  3. Entry Control Screening
  4. Access Control Systems
  5. Safe Rooms
  6. Egress Design
  7. Attack Detection Systems
  8. Emergency Communications Infrastructure
  9. Armed Response Officers
  10. CCTV and Control Rooms

Technical References

Throughout this series, references are made to various standards for hardware specification and barrier construction. The following articles are provided as a technical reference to assist architects, engineers, and security professionals in interpreting these standards and/or evaluating the vulnerability of existing security barriers.

A. Forced Entry Standards
B. Ballistic Protection Standards
C. Protective Barrier Materials & Construction

Craig Gundry

CIS consultants offer a range of services to assist organizations in managing risks of active shooter violence.
Contact us for more information.

The Weakest Link in the Chain: Glass Vulnerabilities and The Active Shooter

Security Glazing and Reinforcement Options

Laminated Glass

Polycarbonate

Security Window Film

Bullet-Resistant Glass

Craig Gundry

Barrier Delay Measures and The Double Edged Sword

Craig Gundry

Safe Rooms, Classroom Security, & The Active Shooter

Basic Safe Room and Classroom Security Criteria for Active Shooter Protection

Facilities and Schools With Minimal Safe Room/Classroom Options for Active Shooter Protection

Advanced Safe Rooms for Active Shooter Applications

Safe Room Kits

Craig Gundry

The Capitol Hill Riot: A Case Study in Securing Buildings Against Violent Intrusion

Craig Gundry

Egress Design and The Active Shooter Threat (Pt. 10)

Egress Routes

Exit Signage

Emergency Stairwells

Exit Doors

Unconventional Exit Options

Recent Comments

Craig Gundry

Considerations for Designing Active Shooter Protection Measures (Pt. 4)

Is it feasible to employ restrictive entry control and screening measures?

Are there groups of occupants present whose capability to respond is likely impaired or who are unable to easily evacuate during an attack?

Are there large numbers of people present who are expectedly unfamiliar with the facility?

Does the interior layout of existing buildings provide ample options for occupants to take safe refuge?

Do cultural expectations or public image concerns restrict the employment of high profile security measures?

Is it expectedly safe for people to evacuate the facility during an attack, or is the facility located in a geographic area where escape outdoors is impractical or possibly dangerous?

Is it feasible to have an on-site armed response capability?

Are we located in a region where previous incidents often result in a siege or delayed intervention by security forces?

Is our Design Basis Threat adversary an insider, outsider, or both?

The Sympathetic Nervous System (SNS), Situational Awareness, and Active Shooter Attacks

Craig Gundry

Facility Preparation for Active Shooter Attacks: Key Objectives (Pt. 3)

Physical Security and Active Shooters: Key Objectives

Craig Gundry

Design Basis Threat and The Active Shooter (Pt. 2)

Who exactly are we trying to protect ourselves against when we use the term “active shooter?”

Considerations for Developing a Design Basis Threat

Number of Attackers

Relationship to the Facility/Organization

Entry Tools and Methods

Weaponry

Likelihood of a Hostage/Siege Event

Developing a Design Basis Threat for Active Shooter Attacks

Craig Gundry

Physical Security Design and The Active Shooter (Pt. 1)

Sandy Hook Elementary School, 14 December 2012: Case Study of Performance-Based Physical Security Principles in Practical Application

Mitigating the consequences of active shooter attacks through better physical security design and integration

Threat Characteristics and Physical Security Performance

Craig Gundry

Facility Preparation and The Active Shooter Threat (Main Article)

Protective Design Concepts

Universal Protective Measures

Technical References

Recent Comments

Craig Gundry