Multi-Hazard Risk Management Project The Smithsonian Institution (SI) Over 700 facilities worldwide dedicated to research, exhibit, and outreach 18 museums and galleries in Washington DC and NYC wide variety of other facilities 1 new museum in planning stage Quasi-federal agency 1,000 staff and volunteers 1
SI Facilities 3 SI Facilities Museums Research Zoo Office Buildings Warehouse/Storage Telescopes Owned and Leased
Office of Protection Services Over 800 security guards and police officers and 100 management, technical, investigation staff in DC, NYC, and Panama dedicated to: Security guards (proprietary and contract) Police (National Zoo) Investigations Physical Security (Design and Construction) Personnel Security (Identity Management) Disaster and Emergency Management Risk Management Responsibilities Cultural Property Protection Anti-terrorism Disaster Management Program Hosts the National Conference of Cultural Property Protection SI Role in National Mitigation and Planning Department of Homeland Security Key Assets (Resources) National Infrastructure and Protection Plan (NIPP) National Monument and Icon Sector Federal Facilities Sector Commercial Facilities Sector Interagency Security Committee Membership Communication with other agencies Department of Justice Mall security agencies Cultural Property Community 6 3
Overview Why are we doing this? Government says we should It is smart It is our responsibility to staff, visitors, and the National Collection SI Disaster Management Program Preparedness, including Risk Management Risk Assessment (every 3 years) Risk Mitigation Response Recovery Risk Mitigation is generally the most efficient and cost effective form of disaster management Why Multi-Hazard? 7 The Methodology FEMA 6 and Written by DHS/FEMA for use by state and local agencies Government / commercial sector-specific plan (NIPP) Provides framework and methods that can be adjusted Free, non-proprietary Method Database Training For SI, methodology was modified to address all hazards First time this was done Modified method was template for other All-Hazard Risk Assessments Modified method is being incorporated into Version of the publications in October 007 8
What Level of Assessment? Tier 1 Screening staff spending 1 to days on site Conceptual level protective measures and ROM cost estimates Tier Detailed to 7 staff spending 1 to weeks on site Detailed protective measures and cost estimates 9 FEMA 6/ Methodology Risk = (Asset Value) x (Threat Value) x (Vulnerability Value) 10
Step 1: Threat/Hazard Identification & Rating Disaster Level Threat Manmade Explosive Blast due to vehicle bomb Chemical / Biological / Radiological (CBR) release Technological accident Armed attack Civil Disruption Cyber Attack Kidnapping / Hostage Limited Data to Produce Probability! Access to Agent Knowledge or Expertise History of Threats Asset Visibility/Symbolism Asset Accessibility Site Population Collateral Damage Disaster Level Threat Natural Hazard Wind (hurricane or tornado) Severe Storm / Lightning Earthquake Wildfire (not building fire) Flooding (surface water, not broken pipes) Landslide / Sinkhole Lava flow Significant Data to Produce Probability! 11 Creating a Threat Value Threat / Hazard Rating Very High 10 The likelihood of a threat, weapon, and tactic being used against the site or building is imminent. Internal decision-makers and/or external law enforcement and intelligence agencies determine the threat is credible. High 8 9 The likelihood of a threat, weapon, and tactic being used against the site or building is expected. Internal decision-makers and/or external law enforcement and intelligence agencies determine the threat is credible. Medium High 7 The likelihood of a threat, weapon, and tactic being used against the site or building is probable. Internal decision-makers and/or external law enforcement and intelligence agencies determine the threat is credible. Medium 6 The likelihood of a threat, weapon, and tactic being used against the site or building is probable. Internal decision-makers and/or external law enforcement and intelligence agencies determine the threat is known, but is not likely. Medium Low The likelihood of a threat, weapon, and tactic being used against the site or building is probable. Internal decision-makers and/or external law enforcement and intelligence agencies determine the threat is known, but is not likely. Low 3 The likelihood of a threat, weapon, and tactic being used against the site or building is possible. Internal decision-makers and/or external law enforcement and intelligence agencies determine the threat exists, but is not likely. Very Low 1 The likelihood of a threat, weapon, and tactic being used against the site or building is very negligible. Internal decision-makers and/or external law enforcement and intelligence agencies determine the threat is non-existent or extremely unlikely. 1 6
Step : Asset Identification and Assessment Two part process: Define and understand a building s core functions and processes Approx 3 0 functions Identify site and building infrastructure and systems 10 infrastructure elements 13 People and Asset Value Asset Value: The degree of debilitating impact that would be caused by the incapacity or destruction of an asset Determined by staff at each site Normalized by the assessment team 1 7
Creating an Asset Value Very High High Medium High Medium Medium Low Low Very Low 10 8 9 7 6 3 1 Asset Value Loss or damage of the building s assets would have exceptionally grave consequences such as extensive loss of life, widespread severe injuries, or total loss of primary services, core processes, and functions. Loss or damage of the building s assets would have grave consequences such as loss of life, severe injuries or impairment of core processes, and functions. Loss or damage of the building s assets would have serious consequences, such as serious injuries or impairment of core processes and functions. Loss or damage of the building s assets would have moderate to serious consequences, such as injuries or impairment of core functions and processes. Loss or damage of the building s assets would have moderate consequences, such as minor injuries or minor impairment of core functions and processes. Loss or damage of the building s assets would have minor consequences, such as a slight impact on core functions and processes for a short period of time. Loss or damage of the building s assets would have negligible consequences or impact. 1 Step 3: Vulnerability Assessment Survey performed with a survey checklist containing 0+ questions Flooding Flooding Screening analysis Detailed Engineering Existing Operational Plans Other data collected Air Intakes Entrance Features Facility Condition Assessment Reports Master Plans Disaster Management Plans Wildfire Telecom Service Wind 16 8
Creating a Vulnerability Value Very High 10 High 8 9 Medium High 7 Medium 6 Medium Low Low 3 Vulnerability Rating One or more major weaknesses have been identified that make the asset extremely susceptible to an aggressor or hazard. The building lacks redundancies / physical protection and the entire building would only be functional again after a very long period of time after the attack. One or more major weaknesses have been identified that make the asset highly susceptible to an aggressor or hazard. The building has poor redundancies / physical protection and most parts of the building would only be functional again after a long period of time after the attack. An important weakness has been identified that make the asset very susceptible to an aggressor or hazard. The building has inadequate redundancies / physical protection and most critical functions would only be operational again after a long period of time after the attack. A weakness has been identified that make the asset fairly susceptible to an aggressor or hazard. The building has insufficient redundancies / physical protection and most parts of the building would only be functional again after a considerable period of time after the attack. A weakness has been identified that make the asset somewhat susceptible to an aggressor or hazard. The building has incorporated a fair level of redundancies / physical protection and most critical functions would only be operational again after a considerable period of time after the attack. A minor weakness has been identified that slightly increases the susceptibility to an aggressor or hazard. The building has incorporated a good level of redundancies / physical protection and most critical functions and the building would be operational within a short period of time after the attack. Very Low 1 No weaknesses exist. The building has incorporated excellent redundancies / physical protection and the building would be operational immediately after an attack. 17 Mapping Functional Areas Determine location of functional areas Are high asset value functions near areas of high vulnerability? 18 9
Example Unit Plan Results Natural Hazards Manmade Threats Function (i.e., People) Earthquake Wind Flood Explosive Blast Armed Attack Administration/Executive/Divisional Offices 70 17 8 6 11 Asset Value 7 7 7 7 7 Threat Rating 1 Vulnerability Rating 8 Armories/Break Areas/Locker Rooms 0 100 0 0 80 Asset Value Threat Rating 1 Vulnerability Rating 8 Data Center 80 00 3 6 18 Asset Value 8 8 8 8 8 Threat Rating 1 Vulnerability Rating 8 Red: Should be addressed Yellow: Consider incorporating into other projects/plans Risk = Asset Value x Threat Rating x Vulnerability Rating Green: Least Risk often no action is recommended 19 Lessons Learned Site Briefs On-Site Operational and Management Staff were much more cooperative when we explained what we were doing and why Asset Value is a difficult concept to convey isn t everything important? Low Cost / No Cost Involve key site staff during the inspection many low cost / no cost items were found, conveyed verbally, and were corrected shortly after the inspection. Many projects could be implemented with annual maintenance, and not capital funds Applicable to many Medium risk issues 0 10
Lessons Learned Difficulties with Screening Level Accounting for building age, type, use, and various renovations: many facilities could have been considered multiple facilities Structural system differences Mechanical / electrical system differences Very difficult finding building plans and important data on older buildings 1 Lessons Learned Cyberterrorism SI has a robust program to handle this threat Difficult to assess during a screening level assessment due to specialized expertise Building Fire SI has a robust fire program, therefore this hazard is already being mitigated 11
Lessons Learned Large number of buildings, lots of walking Asset value meetings needed improvement Comparing natural to man-made risk scores was challenging and exciting 3 Example Unit Plan Results 1
Risk Scores Institution-Wide Risk Scores across all sites Total Scores 31,16 Red (High Risk) Scores 3,79 (11.9 %) Yellow (Medium Risk) Scores,39 (1.93 %) Green (Low Risks) Scores 3,138 (7.1%) Screening level analysis (more detailed analysis will be required for certain mitigation) Highest Scores (60 810) covered many different risks/locations Some trends Some stand-alone scores Highest individual scores are misleading when it comes time to mitigation Anomalies / Mistakes High Risk Scores Analysis Institution-Wide High Risk Scores across all sites by threat / hazard Manmade 7.9% Drought/ Extreme Heat 1.0% Severe Storm/ Lightning 8.9% Landslide/ Sinkhole 0.3% Tsunami 0.7% Fire 0.8% Flood 3.% Earthquake 3.0% Lava Flow 0.% Wind.% 6 13
Analyzing Risk American History Case Study Of the all the high risk scores for National Museum of American History, the top 6 were due to flooding These were some of the highest risk scores for all of SI Natural hazards only represented % of the high risk scores Be careful how you interpret risk scores! 7 GIS 100 Year Flood 8 1
Major Findings Several commonalities between buildings / sites: Risks associated with geography Risks associated with changes in policies and procedures Utility backup standards Safe haven procedures Shelter-in-place procedures exist, but need additional review 9 Events During Risk Mitigation Process Wildfire near Whipple Observatory, AZ Summer 00 Hurricane Jeanne, Ft. Pierce, FL September 00 Earthquake in Kona, HI (near Mauna Kea) November 006 Flooding on Washington, DC July 006 Evacuating the National Mall July (006 and 007) 30 1
Damage to Ft. Pierce Research building was constructed in 1999 to code with an importance factor for wind Hurricane Jeanne was below a code event! Yet: Damage to facility and systems Associated costs from damage Lost time affected research schedules / projects 31 Risk Management: Taking the Next Step We took this to a higher level with SI: Translated them into the Smithsonian s Capital Plan. We worked with the people who are directly responsible for major project integration for each building. Three Options: Do nothing and accept the risk. Perform a risk assessment and manage the risk by installing reasonable mitigation measures. Protect the building against all threats to achieve the least amount of risk. 3 16
Integration of Proposed Measures Assessment Team and OPS staff met with project mangers for each site Described the results of the risk assessment including recommendations and cost estimates Decisions were made on whether / when / how to integrate findings (both major and minor) Identified source of funding (Capital, Operational, Maintenance) Nearly all findings were approved and will be integrated (many not for more than years) The Capital Plan was revised with mitigation projects integrated into existing projects or new stand-alone projects 33 Prioritization: Factors Used Let risk scores guide initial project prioritization Highest scores = highest risk Reduction in significant number of scores Focus on consequences of doing nothing Life safety Cost to replace infrastructure Importance to the overall Smithsonian mission Benefit / Cost 3 17
Findings: Utility Performance Standard Create a performance standard for different classes of buildings for redundant utilities and backup power. These critical utilities may include water, steam, gas, electric, HVAC (for certain collections and research) and communications systems. After the standards are completed, conduct a needs assessment for the different classes of buildings. 3 Findings: Detailed CBR Assessment Conduct a detailed vulnerability assessment of CBR vulnerabilities/threats for all urban facilities (direct, collateral damage issues) and determine likely protective measures. 36 18
Findings: Sheltering-in-Place Operational recommendation: Expand the Disaster Management Plans to include scenarios, eventbased decision trees, performance standards, and policies for Sheltering-in-Place for specific threats and hazards. The assessment should also include: The areas within buildings to locate people A plan for sheltering staff and visitors for various types of threats/hazards A detailed vulnerability assessment of HVAC equipment, air flow, and space requirements 37 Integration of Proposed Measures Results were integrated into major master planning for National Museum of American History Changing use of building due to flood risk 38 19
Lessons Learned Comparison of building value is difficult which building is most important? The methodology does not support this. The subjective aspects of the threat and asset value numbers can over (and under) emphasize risks. How to Define Value? Building $ value Value of assets within building Staff and visitor lives Psychosocial impact Society Government Economy x x = 1 Risk = Asset Value x Threat Rating x Vulnerability Rating 6 x 6 x = 180 39 Lessons Learned Collateral Damage (blast, CBR, etc.) should be it s own threat. Context is important. FEMA The comparison of natural threats and man made threats (when ranking) was not perfect probability versus target attractiveness. Earlier assessments (man made) were verified, but some natural disasters risks were ranked higher new data. 0 0
Results Approximately 0 new planning / design / construction projects added to the SI -year Capital Program Several new emergency / disaster planning projects included into future budget requests Difficult to draw the line at a disaster many small risks and mitigation measures were recommended (approximately maintenance projects identified) Translating theory to reality is difficult Everyone has pet projects and nobody is wrong arguments about priority New SI Performance Metric for tracking risk was developed 1 1