Is That a Threat?

Infrastructure Security Article December 11, 2006
Printer-friendly version

Bridges and tunnels are vulnerable to terrorist threats. Military tacticians have for centuries used available technology to destroy or preserve vital crossings. Commercial demolition experts routinely demonstrate the effectiveness of explosives to remove structures. And a captured al-Qaeda training manual shows ways to destroy bridges with improvised devices. Though this vulnerability is well understood, what is less well known is the answer to this question: What do we do to protect a vulnerable transportation system that is so important to the local, national and world economy?

The Federal Highway Administration (FHWA) began to answer this question shortly after the attacks of Sept. 11, 2001, through a cooperative effort with the U.S. Army Corps of Engineers (USACE). The USACE leveraged years of experience with military munitions and tactics for using explosives to destroy bridges to establish a foundation for how to make structures more resistant to attacks.

There are five components to an effective defense that prevents bridges from being attacked or enables them to survive an attack. Owners must first prepare to respond and recover from a potential attack.

Preparation requires working with police and fire departments, operation centers, maintenance personnel, engineers and others. With this preparation in hand, owners can start thinking on the four Ds of defense: Deter, Deny, Detect and Defend. Here are some examples:

  • Deter—Make the terrorists know you are watching. Install visible security measures, such as CCTV cameras, signs, etc. Provide routine security patrols. And improve visibility of critical locations with adequate lighting and by removing vegetation and other obstructions;
  • Deny—Don’t allow access to critical locations. Secure access hatches and doorways. Provide area control with fencing or bollards. And prevent explosives from being placed in small, inconspicuous locations;
  • Detect—Catch them in the act. Install and monitor CCTV cameras and intrusion alarms; and
  • Defend—Prevent a progressive collapse from an attack. Provide sufficient “stand off” distance to critical locations or improve member redundancy with hardening or adding additional load paths. Stand off can be achieved permanently or temporarily during an elevated threat level or specific threat against the bridge.

Because protective measures are expensive, it is essential to have a cost-effective approach to manage the risk in an environment of multiple hazards. Component-level risk management provides a way to analyze the impact of the security threats to vulnerable bridge components and help the owner focus spending on those low-cost improvements most likely to reduce risk. The goal is to manage risk, understanding that it is not possible to entirely eliminate risk from terrorists whose goal is to create catastrophic economic and social consequences.

Calculated measures

This component-level risk management methodology is founded on the basic risk equation used for other extreme events: Risk = Occurrence x Vulnerability x Importance, or R = OVI. There are six steps needed to complete this analysis and determine a base risk for each component.


1. Identify the critical bridge

The bridge under consideration should be deemed by the owner to be critical. That means that a risk analysis such as the AASHTO method has determined that this facility is at high risk relative to other assets, considering such factors as loss of life, economic consequences including user cost and replacement cost, threat assessment and general vulnerability.


2. Assemble a project team

A multidisciplinary project team is necessary to perform a component-level analysis and requires experts in bridge design, maintenance and construction, emergency response professionals (fire, police and rescue), blast and weapons-effect designers, threat assessment experts, local, state and federal government stakeholders, and others who might provide information or analysis.

The team must gather and analyze data from sources such as inspection and maintenance records, traffic studies, design drawings, load-rating calculations and emergency-response capability and response times. The data will be supplemented with information gained from site visits and interviews with responders and users. This detailed information will help the team determine values for the threats to each component, the vulnerability of each component to every possible threat and the importance of each component to the structure.


3. Compile the threats

Not all threats are effective to destroy a bridge component or to damage it sufficiently to cause instability leading to a bridge failure, and some threats, such as airplane impact or military weapon attack, are very difficult to prevent or protect against. Only those threats that are controllable, plausible and serious enough to cause catastrophic damage should be considered in this methodology.

The terrorist threats we consider are: vehicle- or vessel-borne improvised explosive devices, hand-emplaced improvised explosive devices, non-explosive cutting devices, vehicle or vessel impact and fire. Other threats can be added depending on site-specific threat information.


4. Identify the bridge’s components

The team must determine which components are important using engineering analysis done by design experts who must determine collapse mechanisms and conditions that may keep a bridge out of service for an extended time. For this determination, the design expert should involve all stakeholders to define the degree of risk that is acceptable. One might ask the question, “Should we consider damage that causes no collapse or should we set the threshold at easily repairable damage?”

It may be necessary to consider components more than one time, based on location, function, traffic configuration or other considerations.

Consider a stay cable, for example. At deck level, the stay cable is exposed to vehicular traffic, but at the connection to the tower it is far away from and relatively invulnerable to a vehicle bomb. Because the total risk to the cable will be different based on location, the analysis requires separate components for the cable at these two locations.

Applying this concept over the entire bridge will result in many components to be matched against every threat.


5. Quantify occurrence, vulnerability and importance factors

The occurrence O, vulnerability V and importance I factors can be related to the threats considered, the components identified or a combination of both. The occurrence factor captures the likelihood of each threat being used to attack each component.

The vulnerability factor is a measure of the resistance of each component to each threat under consideration.

The importance factor captures the importance of the component to the bridge, structurally, historically and due to its cost and time to repair. Each of the values for O, V and I is a number between 0 and 1.


6. Calculate the base risk

Multiplying the O, V and I factors together will determine the base risk R for each component and threat combination. Its value also will be a value between 0 and 1. It is important to note that risk can never be entirely eliminated (it cannot be 0), though it can be very low. Also, the base risk score is not a determination of absolute risk, rather it can be used to measure relative risk. The combinations that result in the highest scores are at more risk than the ones with lower scores.

Score another one

It is reasonable to concentrate protective measures on those things that can reduce the scores for those components at highest risk. Mitigation schemes are applied one at a time, the values that contribute to the risk score are re-evaluated and a new, mitigated risk score is calculated.

The difference between the base risk scores and the mitigated risk scores provides an indication of the relative risk reduction and a measure of benefit from the mitigation measures. This process is done for each protective measure and for reasonable combinations of measures. It also is critical to have good estimates of the cost for each proposed mitigation, so that the benefit from risk reduction can be compared to this cost. It is not reasonable to reduce risk at exorbitant cost. One aim might be to level the risk scores using less expensive measures.

In the end, only the owner can decide how much risk to accept and how much money should be invested to protect against terrorism. These investments must be considered along with multiple hazards that may impact their infrastructure, and this methodology provides a way to prioritize for decision makers a reasonable list of projects and objectives to be included in a spending program. Owners must consider these options in the context of their strategic agenda and within constraints of political and social agendas, understanding that some risk must be accepted and managed.

About the author: 
Burrows is a senior structural engineer for FHWA, Baltimore. He may be contacted at 410/962-6791, e-mail: [email protected] Ernst is a senior engineer, safety and security, for FHWA, Washington, D.C. He may be contacted at 202/366-4619, e-mail: steve.
Overlay Init