Vulnerability Assessment: Correctional Facilities Are Only as Secure as Their Weakest Point

Article excerpt

Today's correctional security system is configuration of personnel, procedures, detection, delay and response elements. Various tools and techniques are available to analyze a security system and evaluate its effectiveness. These tools identify system deficiencies and vulnerabilities, evaluate possible improvements and perform cost/benefit comparisons. To ensure effectiveness, systems must be designed to protect against security threats while maintaining efficient operations.

Correctional administrators should be cognizant of the need to perform vulnerability assessments, both at the design stage for new facilities and prior to planning a security upgrade for an existing facility. Failure to perform this assessment function means that the facility may have vulnerabilities that have not yet been addressed.

In the United States, prison systems are administered by each of the states, territories, the District of Columbia and the federal government. Many counties and municipalities also incarcerate misdemeanants. Few of these jurisdictions have defined threats to or requirements for security at correctional facilities, nor have many performed vulnerability assessments.

During the coming year, through sponsorship from the National Institute of Justice (NIJ) and in partnership with the National Law Enforcement and Corrections Technology Center-Southeast Region, Sandia National Laboratories in Albuquerque, N.M., will begin to assess vulnerability at selected correctional facilities and examine requirements for vulnerability assessment tools from the corrections community.

Determining Objectives

The design of an effective security system for a correctional facility requires a methodical approach in which the designer weighs the objectives, including efficient operations, safety and security, against available resources. The first step in the development of a security system design is to determine the system's objectives. Before formulating these objectives, the designer must:

* characterize (understand) the facility's operations and conditions;

* define the security threats at that facility; and

* identify escape scenarios and other targets of adversaries of the security system.

Adversaries of the security system at a correctional facility can be separated into four classes:

* inmates who wish to escape or wreak violence against facility personnel or other inmates, or who pose various other security threats to the system;

* facility insiders who may be a threat to security, such as a compromised employee smuggling in drugs;

* outsiders, such as families and friends of incarcerated offenders who might aid in an escape attempt or smuggle in contraband, or others with various agendas, such as members of organized crime or political activists; and

* outsiders acting in collusion with inmates or insiders.

For each class of adversary to the security system, the designer must understand tactics (such as deceit, force, stealth), capabilities and skills, level of motivation, speed with which the attack might be carried out, and ability to obtain, hide and carry tools and weapons.

Finally, all credible escape scenarios and other security targets should be considered. These considerations might include the defeat or bypassing of security system components or barriers, breaching of structural parts, use of such facility features as climbing or bridging aids, or the defeat of procedures by deceitful means such as forged identification.

As potential escape routes are identified, the facility's administrators must make decisions about the extent of vulnerability. The natural focus of security system design is to harden those features that are most likely to be used in an escape. Each improvement moves the attention of the potential adversary to the next easiest path of opportunity. The cost of a proposed improvement can be measured against the reduction in vulnerability to determine its worthiness for consideration. …