rxEPA United States Environmental Protection Agency New England US EPA Headquarters Library Mail code 3404T 1200 Pennsylvania Avenue NW Washington, DC 20460 202-566-0556 Colleges and Universities O c t ob e r 200 3 Site Security Awareness Safeguarding Against Terrorism Introduction Emergency planning and manage- ment are increasingly recognized as critical to the operations of col- ', leges and universities, and require closer partnerships with first re- sponders at the federal, state and local levels. More than ever before, emergency planning requires close coordination among the respond- v ing departments within an institu- ' tion including: public safety, Envi- ronmental Health and Safety, pub- lic information officers, residence hall directors, student life, informa- tion technology, and managers of facilities housing hazardous mate- rials. The purpose of this fact sheet is to provide security suggestions and to increase awareness on se- curity matters that may impact your campus, its stability, and your community. Site Security: Are you a target for terrorism? Physical security measures will deter adversaries. Consider the fol- lowing: >Identify campus assets that could be used as a weapon of mass destruction (WMD); >Provide layers of security, carting at the campus's perim- nd then assess other a I operations such as food °01 es; residence halls; F- "ch facilities; laboratories; 03- Uion areas; and critical 006 ;, filters, and pumps; ^Perimeter protection measures include fences and exterior walls, bollards, personnel gates and turnstiles, vehicle gates, and security lighting; > Employ skilled security personnel to aid In access control and emer- gency response; >Access control measures, such as signs, locks, alarm systems, security doors and windows, card-based access control systems, and biometric sys- tems; >Surveillance and monitoring through close circuit television (CCTV)/surveillance cameras in critical or restricted areas; digitized card reader; faculty, staff, student and contractor ID badges; visitor pass/badge; and/or entry log book; > Protect and secure electricity, communications, and other utilities with uninterrupted and backup power source, such as a generator. JUL 20 Faculty, Staff, Students and Contractor Security Threats that "come from within" are the most difficult to detect. <=> Restrict access and allow only authorized employees who work in sensitive or restricted areas (Scientist, Service Personnel, Visitors, Vendors, Contractors, etc.); O Establish background screen- ing policies for all faculty, staff and contractor; ^ Evaluate screening processes for students, especially those who may have access to restricted areas; ^ Ensure that individuals in the laboratories are aware of restrictions on storage, trans- ferring, receiving, and use of materials with chemicals, biohazards, explosives, or radiological hazards. => Maintain inventory control of all materials with chemicals, biohazards, explosives, or radiological hazards on your campus. "=> Implement prohibition policies and reporting procedures for faculty, staff, student and/or contractor regarding physical violence, verbal abuse, willful destruction of property, and intimidation. ------- Management Issues In today's society, security is everyone's responsibility. The fol- lowing is a list of "risk-based man- agement decisions" that must be con- sidered in planning: >lntegrate site security into your campus's Emergency Response Plan; ^Security should be given con- sideration as one of the university's core values. Estab- lish written university policies and procedures pertaining to security; >Use a risk-based approach to assess and select the right security control measures; >Survey workforce skills; > Assign the oversight of security (e.g., physical, personnel, and information systems) to top managers; >Include security in all appropri- ate training and courses; >Work with local, state, and federal law enforcement and other public safety agencies; >Be an active member of your Local Emergency Planning Committee (LEPC); >Assess and periodically reassess your campus security systems. Identify any existing or potential threats, targets, vulnerabilities. hazards, risks, as well as miti- gation and countermeasures; >Evaluate faculty, staff, students and contractors identification procedures; >EXERCISE THE PLAN: >Consider just-on-time manage- ment of extremely hazardous substances. Keep and use the least amount of chemicals on- site as possible. Explore product substitution, especially in your laboratories. >Review suppliers' transportation security procedures; >Regularty update written secu- rity policies and procedures, including the following: ^Physical security systems; ^Results of vulnerability and/or risk assessment; •^Procedures for referring suspi- cious incidents to campus police or appropriate authori- ties; "^Protection of university information, computers, and networks; "^Procedures for emergency response, crisis management, and shutdown; ^Recognition of security breaches and proper actions to be taken; system for collecting and analyzing reports of security incidents; of contact names and information for reporting security incidents. Information, Computer, and Network Security Information, computer, and network security are distinguished from physical security because informa- tion protection goes beyond propri- etary information and university procedures. Potential adversaries can obtain information on chemical processes, list of hazardous mate- rials, and databases that relate to biohazard research from a university's computer and network systems. The following tips should be considered in establishing infor- mation security: 0 Use protective hardware and software; 0 Establish procedures for protecting and destroying sensitive documents; 0 Change codes and passwords following a termination of employment; 0 Back up all critical information and data at an alternate loca- tion; 0 Don't leave personal planning/ scheduling devices unattended; 0 Be aware that sensitive information conveyed by telephone conversations, radio communications, and network communications can be inter- cepted. Consider using voice encryption: 0 Periodically analyze University computer transaction histories to look for irregularities that might indicate variances in normal procedures and/or security breaches. 0 Develop screening process or procedures for computer repairs if equipment may contain sensitive information. ------- Weapons of Mass Destruction (WMD) Examples at Campuses and Their Consequences Explosives: Picric Acid (Dry and crystallized); Ammonium Nitrate; Hydrazine Compounds; Diazo Compounds; Nitrocellulose (Dry); Peroxide forming agents such as: Diethyl Ether; Tetrahydrofuran; isopropyl Ether Dioxanes; Aldehydes; Compounds with benzylic hydrogens; Compounds with allyl groups Chemical: Poison gas, blister gas Biological: Anthrax; Small Pox; Ricin; Botulinum Toxin; Human Immu- • nodeficiency Virus (HIV); Plague; Viral Hemorrhagic * Fever(VHF) . • Nuclear: Any equipment or weapon that is designed to release I radiation or radioactivity at a level dangerous to human • life J • Note: In addition to the obvious consequences (e.g., deaths, injuries, dam- • aged structures, possible contamination, possible long-term effects, far- * reaching geographic effects), universities may also consider the economic • consequences to the institution and the potential physcological ramifica- • tions throughout the campus. J Federal Offices DHS (Watch & Warning Unit): EPA New England Environmental Emergency 1.888.585.9078 FBI - Boston, MA 800.424.8802 617.742.5533 FBI - New Haven, CT 203.777.6311 £+ Non-Emergency EPA New England Customer Call Center 888.372.7341 or 617.918.III! i Web Resources for Emergency Planning \ Agency for Toxic Substances and Disaster Registry \ American Red Cross \ Education Resources Information Center (ERIC) I Federal Emergency Management Agency (FEMA) \ FBI/Awareness of National Security Issues & Response \ Lawrence Berkeley National Laboratory \National Response Team (NRT) Office of Domestic Preparedness (ODP) US Department of Education US Department of Homeland Security (OHS) http://www.atsdr.cdc.gov/ http://www.redcross.org http://www.eric.ed.gov/ http://www.fema.gov/ http://www.fbi.gov/hq/ci/ansir/ansirhome.htm http://securebuildings.lbl.gov/ http://www.nrt.org/ http://www.ojp.usdoj.gov/odp/ http://www.ed.gov/ http://www.whitehouse.gov/homeland/ This is a selected list of sites that provide timely and useful information about emergency planning and counter- terrorism; it is not an exhaustive list of ail parties with a role or interest in the subject matter. Inclusion here does not mean an endorsement of the site. ------- Homeland Security Presidential Directive (HSPD) - 5 National Incident Management System (NIMS) In response to the terrorist attacks on September II, 2001, the President issued Homeland Security Presidential Directive (HSPD)-5 which called for the development of a National Response Plan (NRP) to integrate Federal Government domestic prevention, preparedness, response, and recovery plans into one all-discipline, all-hazards plan under the authority of the Secretary of Homeland Security. This directive also called for the creation of a National Incident Management System (NIMS). which would provide a standardized system for implementing the NRP. NIMS provides a consistent yet flexible nation-wide framework within which local, State, and Federal levels of governments and the private sector will work effectively and efficiently to be aware of, to prepare for, to prevent, to respond to, and to recover from domestic incidents, regardless of their cause, size, or complexity. To provide for seamless cooperation among Federal, State, and local capabilities, the NIMS includes the following core concepts and principles: • NIMS standardizes incident management systems for all hazards and all levels of government. • NIMS extends incident management into the awareness, prevention, and preparedness domains. • NIMS facilitates the flow of (financial and physical) resources in pre-incident planning and post-incident execution. • NIMS establishes a common operating picture that promotes useful information flow (Communications, Intelligence, and Information Management) at all levels of government. • NIMS promotes the strategic development of new technologies and provides scientific support to enhance pre- and post- incident operations at all levels of government. By December 31, 2003, all Federal departments and agencies shall adopt the NIMS within their departments and agencies and provide support and assistance to the Secretary in the development and maintenance of the NIMS. The Federal Agencies are currently reviewing the requirements under this Presidential Directive and providing input as necessary. This process will ultimately result in the development of a full NRP, including the NIMS, that ensures a national approach to domestic incident management and a process that places similar emphasis on awareness, prevention, and preparedness as traditionally has been placed on response and recovery. Beginning in Fiscal Year 2005, Federal departments and agencies shall make adoption of the NIMS a requirement, to the extent permitted by law, for providing Federal preparedness assistance through grants, contracts, or other activities. The Secretary of Homeland Security will coordinate with the private and non-governmental sectors to ensure adequate planning, equipment, training, and exercise activities and to promote partnerships to address incident management capabilities and will also develop standards and guidelines for determining whether a State or local entity has adopted the NIMS. Suspicious Activities Since most campuses are open to the public, it is important to always remain alert to any suspicious activi- ties. Follow campus security procedures whenever such an event arises. When encountering a suspicious individual, make clear observations so you can record a physical description of the individual including any unique identifying features. If possible, document other pertinent information including vehicle description, license number and egress direction. Never put yourself at risk. Report the incident to either the campus police or local law enforcement agency immediately and write down everything you witnessed immediately; REPORT THE FOLLOWING TO LAW ENFORCEMENT AUTHORITIES: •^Suspicious activities, vehicles, or persons; ^-Missing chemicals, equipment, or critical •^-Break-ins U.S EPA Headquarters Library il corJe 3404T Avenue NW Washington, DC 20460 202-566-0556 vvEPA United States Environmental Protection Agency New England 1 Congress Street, Suite 1100 SPP EPA901-F-03-006 Boston, MA 02114-2023 . October2003 www.epa.gov/ne/assistance/univ/index.html ------- |