Within This Page
Design strategies that not only increase robustness but also facilitate incorporation of resourcefulness and planning for recovery and warranted redundancy should be implemented. In some cases these strategies are simply achieved through effective configuration and use of site and building features. In other cases, more extensive additions of systems are required.
Building Function and Tenants
Resilience is a strategy to enhance the ability of a building, facility, or community to both prevent damage and to recover from damage. Each building has some particular function for which it is designed. Each function, each particular tenant, has a set of requirements and support systems necessary for that function. Attention should be paid to those particular needs in arriving at the specific resilience strategy and design. Achieving resilience for tenants will involve a combination of physical characteristics of the building that determine its ability to withstand disruptive events and programs and procedures that minimize impact and enable an appropriately rapid return to operations. An effective building design should anticipate and incorporate both types of resilience achievement elements.
Some of the important functional and operational factors affecting the resilience strategy are:
- Importance of the building's function to the community
- Role the building function fills in the institution or business in which it is involved
- Effect of damage and recovery on the building's surrounding neighbors and environment
- Economic importance of timely recovery of the building's operation
Building Siting and Layout
Building siting and layout should utilize a defense-in-depth approach against physical attack which considers concentric and progressive levels of defense, implemented through a combination of physical attributes (setback, hardening, access, avenues of approach, etc.), technology (CCTV, alarms, etc.), and planned operational processes for the facility. The goal is effective threat deterrence, detection, delay, response, and finally physical denial in the case of occurrence of an undesirable event.
Siting and layout should also account for potential natural hazards that may impact the site such as flooding and wildfire, high wind debris from adjacent sites, as well as potential off-site accident hazards such as hazardous substance release or explosions that may impact the site, including any compounded impact from combined hazards.
Building siting and layout must also consider expedient access to the site and the facility by first responders such as fire department, police, and medical response vehicles and personnel, including access to applicable critical infrastructure to support their individual missions.
Defensive locations for critical utilities and backup systems should be selected. Defensive locations should be considered for protection from manmade threats, natural hazards, and potential accidents with a goal of maintaining post-event operability, or rapid restoration of services based on the specific needs of the facility. Redundant utility feeds to the site (power, water, communications, gas, etc.) should be utilized to the greatest extent possible.
Site considerations should also include egress pathways and areas of refuge for building evacuees, including multiple physically separated locations with appropriate standoff distances. Elimination of line-of-sight targeting for ballistic protection should be considered in the design. Design in urban areas presents challenges in these approaches.
When designing for resilience, site selection must also consider the level of resilience of the surrounding community for the proposed site, particularly with regard to basic infrastructure and services such as transportation and deliveries, public and private utilities, and post-event availability of building tenant employees who reside in the surrounding community. For most facilities, prolonged outages and shortages in the surrounding communities will impact building resilience from a recovery perspective.
Passive measures developed to provide protection for building personnel, property, equipment, and operations against potential manmade threats and natural hazards that may test a building's resilience include the effective use of architecture, lighting, landscaping, and other building and site features specifically designed to:
- Deter threats
- Deny threats
- Mitigate the impact of threats
Perimeter protection passive design features are used to control pedestrian and vehicle access to the site. Multiple methods can be used to accomplish this for a variety of configurations and rating levels:
- Fixed Bollards—Provide vehicle control and enforced vehicle standoff, but ineffective for pedestrian control
- Fencing—Provides vehicle and pedestrian control, as well as enforced vehicle standoff when integrated with a vehicle cable system or similar measure.
- Fixed Barriers—Provide vehicle control and enforced vehicle standoff; level of pedestrian control varies widely based on type and configuration
- Curbs—Provide a low level of vehicle control and nonenforced vehicle standoff; but are ineffective for pedestrian control
- Street furniture, lampposts, and retaining walls built to withstand vehicle impacts
- Boulder fields, ha ha walls, berms, tree cover, and other landscape features
- Water retention ponds, fountains, bioswales and other water features either decorative or part of a water management system.
Redundancy, structural and façade hardening, Crime Prevention Through Environmental Design (CPTED), and locations of critical systems within and around the building or site should also be considered as passive design measures. Structural and façade hardening for blast resistance are often sufficient to mitigate many natural hazard threats.
Passive design measures should also include appropriate anchorage and attachment of exterior critical infrastructure systems for natural hazards that may impact the facility.
Active measures developed to provide protection for building personnel, property, equipment, and operations against potential threats and natural hazards that may test a building's resilience include the effective use of tested systems, equipment, and technologies specifically designed to:
- Deter threats
- Detect/report threats
- Deny threats
- Respond to threats
Active design components selected to provide these functions include:
- Electronic security and surveillance systems/networks (CCTV cameras, monitoring stations, etc.)
- Electronic access control systems (card readers, biometric readers, electromagnetic locks, intrusion detection systems, etc.)
- Electronic notification systems (annunciators, duress buttons, radios, etc.)
- Pedestrian and vehicle access infrastructure (turnstiles, doors, gates, mantraps, portals, active vehicle barriers, etc.)
- Standby emergency power with auto transfer switch and on-site fuel storage
- Wireless backup for landline communications
- Sump pumps for submerged areas containing critical functions
Operational Infrastructure versus Life Safety/Security Infrastructure
Clear distinction should be made between operational and life safety/security infrastructure when evaluating system needs during building design, as levels of criticality and prioritization for each may vary widely. Sustained operations for building operational infrastructure will vary based on tenant needs and should be evaluated to identify which systems require sustained operations, and which do not, with un-biased levels of criticality and prioritization for each. Life safety/security systems often require sustained operations through adverse events for a defined period of time.
One of the most desired goals of adequate resilience management is to try to avoid unintended consequences. For example, when devising a resilience improvement project for a particular asset of the community for flood mitigation, if the right precautions are not taken, the project could prove harmful later if/when an earthquake strikes the community (see Ettouney and Alampalli 2012b). Some of the concerns that can produce unintended consequences are: ignoring interactions within an asset or community, cascading effects, or multihazard interactions.
Intersections between Building Services
Different issues/considerations that control the operational and physical processes of assets and communities as identified in the section titled "Asset (Building) Resilience and Community Resilience" are interconnected via directional and/or non-directional links (see figures below for asset and community examples). Obviously, ignoring these linkages or interactions while performing any of the resilience management components could lead to erroneous decisions or computations, which might, in turn, lead to costly operations and the potential for unintended consequences.
Definition and Examples
Cascading effects (CE) can be subjectively defined as a failure (or severe degradation in performance) of a single consideration within an asset or community that will propagate throughout the asset or community causing additional more failures.
Whether it is an asset or a community, each is composed of different physical or operational considerations (nodes). These considerations (nodes) are interconnected / linked together in a manner that is unique to the asset or community. Note that each link can also be considered a node. The Asset Resilience figure above shows a simple example of an asset interconnectivity (network). The Community Network figure above shows an example of a community interconnectivity (network). A degradation of performance in any of these considerations (nodes) might lead to a degradation of the performance of the neighboring considerations (nodes). This degradation might continue to propagate throughout the whole network (asset or community). The degradation of performance in nodes can vary from limited degradation to complete failure of the consideration (nodes).
There are numerous examples of cascading effects (CE). Progressive collapse of buildings is a classic example of CE. Another unfortunate example of CE occurred during the 2012 super storm Sandy, in the New York-New Jersey region. In short, there are examples of CEs in the aftermath of any natural or manmade disaster.
Resilience of assets or communities is directly related to cascading effects. Large degrees of cascading effects failures within an asset or community are a sign of low resilience, and the reverse is true. Cascading effects can have an effect on the ratings of all 4Rs. For example, a structural failure of a roadway (robustness) can have an effect on recovery efforts. Lack of redundancy of power sources can have an effect on flood gates which might lead to flooding-related failures (robustness). Thus there is a need to understand cascading effects in both assets and communities of interest. Such understanding should include ways to assess and mitigate CE.
Assessment, Mitigation, and State of the Art
In order to assess CE on single assets, or communities of assets, the most important point is to enumerate a complete and accurate list of considerations/issues that affect the physical and operational performance of the asset (node), or community (network). Following the completion of such a list, an accurate estimate of how these considerations/issues are linked, and whether these links are directional, can be made. The directionality between two nodes will indicate which node affects the other or whether the linking between the two nodes is directionless. For example, in the Asset Resilience Links figure it is obvious that HVAC controls fire rating. With fire rating having a mutual (two directional) link with power which controls IT systems. The latter have a mutual (two directional) link with HVAC. Also, foundation behavior affects overall behavior of structural system which in turn can affect architectural systems. The final important step in assessing CE would be the accurate estimation of the properties of both nodes and links within the network. Following these three important steps, evaluations of the CE metrics can be possible either probabilistically or deterministically.
Assessing some of the CE metrics for an asset (node) or a community (network) of assets might constitute a first step for an asset or community manager. For if such an assessment reveals that mitigation is warranted, the effects of different mitigation options on CE should be included. It is important to note that CE can have effects on both costs and benefits of different mitigations projects. Because of this, changes of CE patterns and metrics need to be evaluated (either positive changes or negative changes) if a mitigation project is performed. Without evaluating CE changes and effects (positive or negative) unintended consequences might occur after performing mitigation projects. The figure below illustrates this unintended consequences factor.
Currently there are limited available methodologies and tools that objectively include asset (node) -based or community (network) -based CE in either assessments or mitigation efforts. Any successful CE tool or methodology needs to comprise a healthy mix of subjective and objective procedures. Subjective procedures include:
- Understating how different disciplines work in a facility
- Multihazard interactions
- Respect and inclusion of operators and managers of the facility in building up any CE model to provide ground-level validation of systems and processes.
Objective procedures include:
- Appropriate modeling of networks (Bayes networks and / or Markov networks offer a great base from which to start)
- Balance resolution of the network geometry and the ultimate objectives (assessment, mitigation, prioritizations, improved functionality)
- Balanced choice of the 4-Rs
- Balanced choice of TTR (Time To Recovery) and CO (Continued Operations).
An example of a publicly available tool that applies a simplified application of CE principles is the US-DHS sponsored Integrated Rapid Visual Screening (IRVS) tool, see the National Institute of Building Sciences, Integrated Resilient Design Program. Similar tools and methodologies are definitely needed in order to ensure higher performance and resilient infrastructures.
Higher Order and Directional Dependencies
Loss of critical infrastructure at various points within a building's supply pathways can have severe to detrimental effects on the ability of that building to effectively function (user-based dependencies). Building resiliency should also consider the far-reaching effects resulting from loss of critical infrastructure, including corresponding cascading/propagating effects projected into the community (provider-based dependencies).
Design considerations for higher order and directional dependencies include:
- Identification and prioritization of resources needed to achieve mission assurance for the building (power, water, communications, personnel, transportation, supplies/materials, etc.)
- Identification of critical nodes, redundancy, and potential single points of failure throughout infrastructure pathways
- Identifying and analyzing critical interdependencies between critical support infrastructure systems
- Identifying and evaluating the consequence of loss due to cascading effects from disruption of these interdependencies
- Identifying and analyzing the degree of inherent resiliency of the overall system and optimum time for recovery
- Characterizing the consequences of the loss of functional pathway components within the overall infrastructure system as it applies to functionality of buildings, and highlighting what's important and what's not
- Providing a clear understanding of the infrastructure architecture and system failure characteristics as they affect building functionality, including local versus global impact due to loss of a critical node, along with the degree of resiliency of the overall system and functional recovery
- Providing a holistic view of effect of effects through a systems approach.
If a hazard is defined as any event that might degrade the performance of an asset or a community, it can be concluded that assets or communities are rarely subjected to just one type of hazard. Applying this general definition of a hazard, it is believed that abnormal manmade events (such as bomb blasts) or natural events (such as earthquakes or superstorms) are considered hazards. Also consider lesser dramatic, but equally destructive processes, such as corrosion or normal wear and tear, as hazards. Ettouney, Alampalli, and Agrawal (2005) introduced a theory of multihazards, postulating that decisions regarding hazards in the civil infrastructure community will affect the resilience of the infrastructure, or community, due to any other hazard. This means that a multihazard resilience strategy needs to be implemented, as opposed to dealing with one hazard at a time. Failing to follow a multihazard resilience strategy might result in costly unintended consequences for assets and/or communities.
Examples of design implications may include:
- Securing windows against intruders for increased security may affect fire fighters' ability to enter buildings during fire emergencies.
- Moving heavy equipment to higher floors to protect against flooding of basements for lower floors can have undesired effects on the seismic behavior of the building.
- Hardening lower floor columns or walls for blast protection can result in undesired effects on seismic behavior of the building.
Post-Event Access, Response, and Restoration
External provisions such as site and building access points, avenues of approach, and equipment setup locations for accommodating rapid post-event access, response, and restoration of critical utilities and functions should be provided for emergency events, and for resiliency, should extended outages exceed the limits of any in-place backup systems. Such Recovery provisions should be precoordinated with the response agencies, with specific access points and types of services documented.
Functions for post-event access, response, and restoration to be considered include:
- External water- and fire-suppression system connections
- External emergency power connections for emergency lighting and exit signage, as well as sustained power for functions with 'operate-through' requirements, including HVAC for IT/data center operations
- Wireless backup communications for critical alarm, voice, and data systems
Hardening of facilities for events such as blast, ballistics, forced entry, and extreme wind events should also be precoordinated with first responder agencies, as entry into these locations during emergency response will be severely hampered unless appropriate measures, tools, and training are employed.
Continued Operations Goals
In assessing the importance of continued operations during design, tenant use should be paramount, as various locations throughout the building may have different needs regarding continued operations. As part of the planning and design process, evaluating the benefits of building resilience based on risk and continuity of operations should be performed. As noted earlier, this can be done using the DHS IRVS tool. Design considerations include:
- Evaluating needs for tenant-specific operations
- Identifying resiliency options to maintain mission-critical functions for each tenant
- Quantifying impact to each tenant from loss of partial or full operational functionality, including financial impact, reputation/political impact, and others
- Consideration of cascading impacts to external customers from loss of tenant operations
To maintain continued operability of the building post-event, or resumption of building operations, the building owner should be prepared to obtain MOUs/MOAs with service providers regarding priority of service and potential work-arounds to maintain/restore service.
- "A Framework to Qualitatively Assess and Enhance the Seismic Resilience of Communities" by Bruneau, M, Chang, S, Eguchi, R., O'Rourke, T., Reinhorn, A., Shinozuka, M., Tierney, K., Wallace, W., Winterfelt, D. Earthquake Spectra Journal Vol. 19, No. 4: 733-752, Earthquake Engineering Research Institute, 2003.
- ASEC Report Card for America's Infrastructure by American Society of Civil Engineers, Reston, VA: ASCE 2013.
- Costs and Benefits of Natural Hazard Mitigation by Federal Emergency Management Agency Report, Washington, DC: FEMA, 1996./li>
- Critical Infrastructure Resilience Final Report and Recommendations by National Infrastructure Advisory Council (NIAC), Washington, DC: NIAC, 2009.
- EM-DAT: The OFDA/CRED International Disaster Database by Université Catholique de Louvain. Brussels, Belgium: EM-DAT, accessed on April 2014.
- Exploring Risk Communications by Gutteling, J. and Wiegman, O. Dordrecht, The Netherlands: Kluwer Academic Publishers, 1996.
- High Performance Based Design for the Building Envelope: A Resilience Application Project Report, Building and Infrastructure Protection Series, Washington, DC: DHS 2011.
- Infrastructure Health in Civil Engineering: Applications and Management by Ettouney and Alampalli. Boca Raton, FL: CRC Press, 2012.
- Infrastructure Health in Civil Engineering: Theory and Components by Ettouney and Alampalli. Boca Raton, FL: CRC Press, 2012.
- Integrated Rapid Visual Screening of Buildings, Building and Infrastructure Protection Series, Washington, DC: DHS, 2011.
- Integrated Rapid Visual Screening of Mass Transit Stations, Building and Infrastructure Protection Series, Washington, DC: DHS, 2011.
- Integrated Rapid Visual Screening of Tunnels, Building and Infrastructure Protection Series, Washington, DC: DHS, 2011.
- Multihazard Considerations in Civil Infrastructure by Ettouney & Alampalli. Boca Raton, FL: CRC Press, 2016.
- National Infrastructure Protection Plan by Department of Homeland Security, Washington, DC: DHS, 2009.
- Natural Hazards Mitigation Saves: An Independent Study to Assess the Future Savings from Mitigation Activities: Volume 1 - Findings, Conclusions, and Recommendations by National Institute of Building Sciences Report, Washington, DC: MMC, 2005.
- Personal Communications by Hynes, Mary Ellen. Vicksburg, MS: 2001.
- Review of the Department of Homeland Security's Approach to Risk Analysis, National Academic Press, Washington, DC: NRC 2010.
- Risk Assessment: A How-To Guide to Mitigate Terrorist Attacks, Risk Management Series, FEMA 452 by Federal Emergency Management Agency, Washington, DC: FEMA, 2005.
- Risk Assessment and Decision Analysis with Bayesian Networks by Fenton, N., and Neil, M. CRC Press, Boca Raton, FL: 2013.
- Risk Management in Civil Infrastructure by Ettouney & Alampalli. CRC Press, Boca Raton, FL: 2016a.