United States
Environmental Protection
Agency New England
US EPA Headquarters Library
      Mail code 3404T
1200 Pennsylvania Avenue NW
   Washington, DC  20460
           Colleges  and  Universities
                                                                         O c t ob e r  200 3
    Site  Security Awareness
    Safeguarding Against Terrorism
    Emergency planning and manage-
    ment are increasingly recognized
    as critical to the operations of col-
',   leges and universities, and require
    closer partnerships with first re-
    sponders at the federal, state and
    local levels. More than ever before,
    emergency planning requires close
    coordination among the respond-
v   ing departments within  an institu-
'   tion including:  public safety, Envi-
    ronmental Health and Safety, pub-
    lic information officers,  residence
    hall directors, student life, informa-
    tion technology, and managers of
    facilities housing hazardous mate-
    rials. The purpose of this fact sheet
    is to provide security suggestions
    and to increase awareness on se-
    curity matters that may  impact
    your campus, its stability, and your

    Site Security: Are you a target
    for terrorism?
    Physical security measures will
    deter adversaries. Consider the fol-
    >Identify campus assets that
      could be used as a weapon of
      mass destruction (WMD);
    >Provide layers of security,
      carting at the campus's perim-
          nd then assess other
 a         I operations such as food
 01      es; residence halls;
 F-       "ch facilities; laboratories;
 03-      Uion areas;  and critical
 006      ;, filters, and pumps;
                ^Perimeter protection measures
                  include fences and exterior
                  walls, bollards, personnel gates
                  and turnstiles, vehicle gates,
                  and security lighting;
                > Employ skilled security personnel
                  to aid In access control and emer-
                  gency response;
                >Access control measures, such
                  as signs, locks, alarm systems,
                  security doors and windows,
                  card-based access control
                  systems, and biometric sys-
                >Surveillance and monitoring
                  through close circuit television
                  (CCTV)/surveillance cameras in
                  critical or restricted areas;
                  digitized card reader; faculty,
                  staff, student and contractor ID
                  badges; visitor pass/badge;
                  and/or entry log book;
                > Protect and secure electricity,
                  communications, and other
                  utilities with uninterrupted and
                  backup power source, such as a
                            JUL 20
     Faculty, Staff, Students and
     Contractor Security

     Threats that "come from within"
     are the most difficult to detect.
     <=> Restrict access and allow only
       authorized employees who
       work in sensitive or restricted
       areas (Scientist, Service
       Personnel, Visitors, Vendors,
       Contractors, etc.);
     O Establish background screen-
       ing policies for all faculty, staff
       and contractor;
     ^ Evaluate screening processes
       for  students, especially those
       who may have access to
       restricted areas;
     ^ Ensure that individuals in the
       laboratories are aware of
       restrictions on storage, trans-
       ferring, receiving, and use of
       materials with chemicals,
       biohazards, explosives, or
       radiological hazards.
     => Maintain inventory control of
       all materials with chemicals,
       biohazards, explosives, or
       radiological hazards on your
     "=> Implement prohibition policies
       and reporting procedures for
       faculty, staff, student and/or
       contractor regarding physical
       violence, verbal abuse, willful
       destruction of property, and

Management Issues
In today's society, security  is
everyone's responsibility.  The fol-
lowing is a list of "risk-based man-
agement decisions" that must be con-
sidered in planning:
>lntegrate  site security into your
  campus's Emergency Response
^Security should be given con-
  sideration as one of the
  university's core values. Estab-
  lish written university policies
  and procedures pertaining to
>Use a  risk-based approach to
  assess and select the right
  security control measures;
>Survey workforce skills;
> Assign the oversight of security
  (e.g., physical, personnel, and
  information systems) to top
>Include security in all appropri-
  ate training and courses;
>Work with local, state,  and
  federal law enforcement and
  other public  safety agencies;
>Be an active member of your
  Local Emergency Planning
  Committee (LEPC);
>Assess and periodically reassess
  your campus security systems.
  Identify any existing or potential
  threats, targets, vulnerabilities.
  hazards, risks, as well  as miti-
  gation and countermeasures;
>Evaluate faculty, staff, students
  and contractors identification
>Consider just-on-time manage-
  ment of extremely hazardous
  substances. Keep and use the
  least amount of chemicals on-
  site as possible.  Explore product
  substitution, especially in your
>Review suppliers' transportation
  security procedures;
>Regularty update written secu-
  rity policies and  procedures,
  including the following:
  ^Physical security systems;
  ^Results of vulnerability and/or
    risk assessment;
  ^Procedures for referring suspi-
    cious incidents to campus
    police or appropriate  authori-
  "^Protection of university
    information, computers, and
  "^Procedures for emergency
    response, crisis management,
    and shutdown;
  ^Recognition of security
    breaches and  proper actions
    to be taken;
     system for collecting and
    analyzing reports of security
       of contact names and
    information for reporting
    security incidents.
Information, Computer, and
Network Security

Information, computer, and network
security are distinguished from
physical security because  informa-
tion protection goes beyond propri-
etary information  and university
procedures. Potential adversaries
can obtain information on chemical
processes,  list of hazardous mate-
rials, and databases that relate to
biohazard  research  from  a
university's computer and  network
systems. The following tips should
be considered in establishing infor-
mation security:
0  Use protective hardware and
0 Establish procedures for
   protecting and destroying
   sensitive documents;
0 Change codes and passwords
   following a termination of
0 Back up all critical information
   and data at an alternate loca-
0 Don't leave personal planning/
   scheduling devices unattended;
0 Be aware that sensitive
   information conveyed by
   telephone conversations, radio
   communications, and network
   communications can be inter-
   cepted.  Consider using voice
0 Periodically analyze University
   computer transaction histories
   to  look for irregularities that
    might indicate variances in
    normal  procedures and/or
   security breaches.
0  Develop screening process  or
   procedures for computer
    repairs if equipment may
   contain sensitive information.

                   Weapons of Mass Destruction (WMD)
              Examples at Campuses and Their Consequences
     Explosives:   Picric Acid (Dry and crystallized); Ammonium Nitrate;
                  Hydrazine Compounds; Diazo Compounds; Nitrocellulose
                  (Dry); Peroxide forming agents such as:  Diethyl Ether;
                  Tetrahydrofuran; isopropyl Ether  Dioxanes; Aldehydes;
                  Compounds with benzylic hydrogens; Compounds with
                  allyl groups

     Chemical:    Poison gas, blister gas
     Biological:    Anthrax; Small Pox; Ricin; Botulinum Toxin; Human Immu-  
                  nodeficiency Virus (HIV); Plague; Viral Hemorrhagic       *
                  Fever(VHF)                                            .
     Nuclear:      Any equipment or weapon that is designed to release      I
                  radiation or radioactivity at a level dangerous to human    
                  life                                                   J
     Note: In addition to the obvious consequences (e.g., deaths, injuries, dam- 
     aged structures, possible contamination, possible long-term effects, far-  *
     reaching geographic effects), universities may also consider the economic  
     consequences to the institution and the potential physcological  ramifica- 
     tions throughout the campus.                                         J
             Federal Offices
             DHS (Watch & Warning Unit):

             EPA New England
             Environmental Emergency
1.888.585.9078   FBI - Boston, MA

FBI - New Haven, CT  203.777.6311
             EPA New England Customer Call Center  888.372.7341 or
i   Web Resources for Emergency Planning
\  Agency for Toxic Substances and Disaster Registry
 \  American Red Cross
 \ Education Resources Information Center (ERIC)
  I Federal Emergency Management Agency (FEMA)
  \ FBI/Awareness of National Security Issues & Response
  \ Lawrence Berkeley National Laboratory
   \National Response Team (NRT)
   Office of Domestic Preparedness (ODP)
   US Department of Education
   US Department of Homeland Security (OHS)
        This is a selected list of sites that provide timely and useful information about emergency planning and counter-
        terrorism; it is not an exhaustive list of ail parties with a role or interest in the subject matter. Inclusion here does not
        mean an endorsement of the site.

                    Homeland Security Presidential Directive (HSPD) - 5

                              National Incident Management System (NIMS)

In response to the terrorist attacks on September II, 2001, the President issued Homeland Security Presidential Directive
(HSPD)-5 which called for the development of a National Response Plan (NRP) to integrate Federal Government domestic
prevention, preparedness, response, and recovery plans into one  all-discipline, all-hazards plan under the authority of the
Secretary of Homeland Security. This directive also called for the creation of a National Incident Management System (NIMS).
which would provide a standardized system for implementing the NRP.

NIMS provides a consistent yet flexible nation-wide framework within which local, State, and Federal levels of governments and
the private sector will work effectively and efficiently to be aware of, to prepare for, to prevent, to respond to, and to recover
from domestic incidents, regardless of their cause, size, or complexity. To provide for seamless cooperation  among Federal,
State, and local capabilities, the NIMS includes the following core concepts and principles:

 NIMS standardizes incident management systems for all hazards and all levels of government.
 NIMS extends incident management into the awareness, prevention, and preparedness domains.
 NIMS facilitates the flow of (financial and physical) resources in pre-incident planning and post-incident execution.
 NIMS establishes a common operating picture that promotes useful information flow (Communications, Intelligence, and
  Information Management) at all levels of government.
 NIMS promotes the strategic development of new technologies and provides scientific support to enhance pre- and post-
  incident operations at all levels of government.

By December 31, 2003, all Federal departments and agencies shall adopt the NIMS within their departments and agencies and
provide support and assistance to the Secretary in the development and maintenance of the NIMS. The Federal Agencies are
currently reviewing the requirements under this Presidential Directive and providing input as necessary.  This process will
ultimately result in the development of a full NRP, including the NIMS, that ensures a national approach to domestic incident
management and a process that places similar emphasis on awareness, prevention, and preparedness as traditionally has been
placed on response and recovery.

Beginning in Fiscal Year 2005, Federal departments and agencies shall make adoption of the NIMS a requirement, to the extent
permitted by law, for providing Federal preparedness assistance through grants, contracts, or other activities. The Secretary of
Homeland Security will coordinate with the private and non-governmental sectors to ensure adequate planning, equipment,
training, and exercise activities and to promote partnerships to address incident management capabilities and will also develop
standards and guidelines for determining whether a State or local entity has adopted the NIMS.
  Suspicious Activities
  Since most campuses are open to the public, it is important to always remain alert to any suspicious activi-
  ties.  Follow campus security procedures whenever such an event arises.  When encountering a suspicious
  individual, make clear observations so you can record a physical description of the individual including any
  unique identifying features.  If possible, document other pertinent information including vehicle description,
  license number and egress direction.  Never put yourself at risk. Report the incident to either the campus
  police or local law enforcement agency immediately and write down everything you witnessed immediately;
^Suspicious activities, vehicles, or persons;
^-Missing chemicals, equipment, or critical
                                                                    U.S  EPA Headquarters Library
                                                                              il corJe 3404T
                                                                                      Avenue NW
                                                                       Washington, DC 20460
    United States
    Environmental Protection
    Agency New England
1 Congress Street, Suite 1100 SPP              EPA901-F-03-006
Boston, MA 02114-2023 .                     October2003