|FHWA > Bridge > Security > Recommendations for Bridge and Tunnel Security > Section 5 Planning, Design, and Engineering Recommendations|
Recommendations for Bridge and Tunnel Security
Section 5 Planning, Design, and Engineering Recommendations
Because of its heterogeneity in size and operations and the multitude of owners and operators nationwide, the transportation infrastructure network in the United States is highly resilient, flexible, and responsive. Unfortunately, the sector is fractionated and regulated by multiple jurisdictions at state, federal, and sometimes local levels. The size and pervasive nature of the U.S. transportation infrastructure poses significant protection challenges. However, these protection challenges can be mitigated through technical collaboration and coordination.
5.1 Review and Prioritization Process
A process is necessary for prioritizing all bridges and tunnels with respect to their vulnerability in terms of their criticality of the ability to deter, deny, detect, delay, and defend against terrorist attacks. In addition, a risk assessment model must be developed as a framework for evaluating alternatives for thwarting attack.
Several agencies have developed methods for identifying and prioritizing critical transportation assets, and these methods share many commonalities. The prioritization procedure outlined in the AASHTO's methodology uses a set of critical asset factors to identify assets that are important to achieving an agency's mission. Next, the AASHTO methodology assesses the vulnerability of these critical assets to terrorist attack based on target attractiveness (potential casualties and symbolic value); accessibility (access controls and physical security); and expected damage (including environmental hazards). The TSA approach determines relative risk as a function of relative target attractiveness (an assessment of the target's importance and consequences); relative likelihood of occurrence (an assessment by TSA Intelligence of the likelihood of occurrence, as compared to the other scenarios); and vulnerability (a measure of how likely the terrorist is to achieve the threatening act given that an attempt is made). Relative risk is re-calculated based upon the implementation of a suite of countermeasures, including the implementation of people, procedures, and/or technology to reduce vulnerability.
The panel considered and rejected several options:
Because national prioritization of funding will be required, the process of evaluating proposals to enhance bridge and tunnel security must be a joint effort by federal and state agencies and other owners and operators.
The large number of bridges (600,000) and tunnels (500) lends itself to a two-tier approach: prioritization and risk assessment. The first tier, prioritization, is typically most efficiently done in two steps. The first step is a data-driven approach, such as that used by the Texas Department of Transportation (TxDOT), for ranking bridges using common criteria. The National Bridge Inventory (NBI) provides much of the data needed for this step. In the second step of prioritization, additional data comes from owners and operators familiar with specific characteristics of the facilities and the services they provide. In this first tier ranking, prioritization of bridges and tunnels should be based on characteristics such as the following:
The second tier is a risk assessment of high priority bridges taken from the first tier (prioritization) to determine vulnerabilities and evaluate countermeasures to deter attack and/or mitigate damages. The risk, R, to the facility is determined following an approach similar to that developed for seismic retrofit and can be expressed as follows:
R = O x V x I
O = Occurrence: In the general form of the risk equation, this factor is hazard oriented and will change with the nature of the hazard. In the context of this report, the occurrence factor approximates the likelihood that terrorists will attack the asset. It includes target attractiveness (from the perspective of the threat), level of security, access to the site, publicity if attacked, and the number of prior threats. Input into this factor typically comes from the law enforcement and intelligence communities familiar with threat and operational security measures.
V = Vulnerability: In the general form of the risk equation, vulnerability is an indication of how much the facility or population would be damaged or destroyed based on the structural response to a particular hazard. In the context of this report, vulnerability is the likely damage resulting from various terrorist threats (weapon type and location). It is a measure of expected damage, outcome of the event, expected casualties, and loss of use, all features of the facility itself. Input into this factor typically comes from engineering analysis and expertise.
I = Importance: Importance is a characteristic of the facility, not the hazard. In principle, importance is the same for any hazard. Importance is an indication of consequences to the region or nation in the event the facility is destroyed or unavailable. Is the facility on an evacuation or military mobilization route; is it likely to be used by first responders to emergencies; what is its historic and associated significance; what is its peak occupancy? Input into this factor typically comes from owners, operators, users, and beneficiaries of the facilities, often governmental sources, and will use factors similar to those used in the first tier prioritization.
This formula properly expresses the interaction among the three factors. Dominant factors magnify risk; negligible factors diminish it. Other formulas, such as models that add the factors, fail to account for their interactive effects. For example, in the absence of a threat ('O'=Ø), the risk should be zero as this model provides; additive models would have a residual risk. In the multiplicative model, eliminating any one factor to zero (or near zero) reduces the risk to near zero (e.g., low importance leads to low risk regardless of other factors).
The countermeasures that reduce the risk associated with an asset may be designed to reduce the occurrence factor (e.g., make the asset less accessible); the vulnerability factor (e.g., harden the facility to reduce damage); or the importance factor (e.g., add redundant facilities to reduce dependence on the asset).
A case study illustrating application of this risk assessment approach to bridges and tunnels is provided in Appendix C.
The panel recommends a state identification and prioritization of bridges and tunnels, followed by a federal re-prioritization for federal funding based on the following:
Near-term (3-6 months):
Mid-term (6-12 months):
Long-term (12-18 months):
5.2 Research and Development
The analysis of current structural components and their behavior to blast loads is recognized by the panel as key to understanding the proper and most efficient ways to mitigate terrorist attacks through structural design and retrofit. Table 2 lists key structural bridge components that the panel considered.
The goal of the R&D initiatives recommended here is to create empirically validated computational tools, design methods, and hardening technologies to assist in "designing for the terrorist attack." The recommendations have one or more short-term and long-term elements and all are directed to FHWA, AASHTO, and other government-sponsored research activities, including universities and federal laboratories. Additionally, these five recommendations are interrelated and interdependent and should be pursued simultaneously:
In addition to these R&D recommendations, the BRP suggests AASHTO work with university engineering institutions to develop R&D programs for students and bridge professionals to address security concerns. The panel recommends that DHS work jointly with industry and state and local governments to explore and identify potential technology solutions and standards that will support analysis and afford better and more cost-effective protection against terrorism. 
5.3 Design Criteria
The acceptability of a threat is the criterion for determining how to design for the threat. Performance level design is based stating assumptions and setting expectations and goals. These factors could include threats, casualties, damage, and recovery. To set a performance level design criteria, the design process must first be described, taking into account the potential threats to the existing or planned bridge or tunnel. The panel recommends that bridge and tunnel owners and operators use the following six-step process:
As an alternative possibility for acceptability criteria guidance, the bridge owner may consider what sort of time frame it can handle for loss of service. For example, if the time frame is 13 days, then the bridge owner can determine what sort of threat type (from car, boat, etc., or size of explosives) could potentially do this damage, and mitigate for this threat.
The recommendations for design criteria are based on various mitigating strategies. Owners have the choice to mitigate the threat (preventing terrorists facility access), mitigate the consequence effect (lessening the effect from an attack), or apply both options.
The following are examples of approaches to mitigate threats:
The following are examples of approaches to mitigate consequences:
FHWA, in collaboration with AASHTO and TSA, should use the countermeasures development and evaluation methods described in this section to assess countermeasure effectiveness. Typical countermeasures to be considered are shown below and in Appendix A. Countermeasures should be ranked and implemented based on the cost-benefit analysis approach described here.
5.4 Technology Development And Dissemination
The overall objectives in the area of technology development and dissemination are to: (1) develop a bridge and tunnel security technical program, including cost estimates and resources; and (2) develop an educational curriculum for students and bridge professionals.
The panel has determined that a sufficient body of knowledge exists to assemble an interim structural assessment/design guide based on the following:
 The BRP recognizes that the AASHTO Guide to Highway Vulnerability Assessment for Critical Asset Identification and Protectionis the current methodology and acknowledges it as a starting point for prioritizing bridges and tunnels; however, prioritization of bridges and tunnels requires more specific criteria and methods, such as those recommended later in this report.
 Transportation choke points (e.g., bridges and tunnels, inter-modal terminals, border crossings, and highway interchanges) present unique protection challenges. Overall understanding of infrastructure choke points is limited. Common criteria for identifying critical choke points are therefore difficult to establish. We must undertake a comprehensive, systematic effort to identify key assets, particularly those whose destruction or disruption would entail significant public health and safety consequences or significant economic impact. . . . A major reason for this lack of synchronization within the sector is a paucity of funds to promote communication among industry members and facilitate cooperation for joint protection planning efforts. As a result, the sector as a whole has neither a coherent picture of industry-wide risks, nor a set of appropriate security criteria on which to baseline its protection planning efforts, such as what conditions constitute threats for the sector, or standards for infrastructure protection or threat reduction. The sector's diverse and widely distributed constituency complicates this situation. The National Strategy for the Physical Protection of Critical Infrastructures and Key Assets, The Office of the United States White House, Washington D.C., 2003.
 A Guide to Highway Vulnerability Assessment for Critical Asset Identification and Protection, prepared for AASHTO by Science Applications International Corporation, under NCHRP Project 20-7/151B, May 2002.
 Briefing to the FHWA/AASHTO Blue Ribbon Panel on Bridge and Tunnel Security presented by Tom Reilly, Transportation Security Administration, Department of Homeland Security, March 27, 2003.
 "Transportation Security Update," briefing presentation by Tom Rummel, P.E., Project Development Section, Bridge Division, Texas Department of Transportation, February 2003.
 Revenue streams associated with facilities may not make them attractive targets, but their loss could seriously affect the economic viability of entities that depend on revenue derived from them to maintain continuity of operations.
 The proposed approach is consistent with the approach suggested by the TSA and with approaches currently used by entities that have completed or are performing risk assessments.
 National Needs Assessment for Ensuring Transportation Infrastructure Security, prepared by Douglas B. Ham and Stephen Lockwood, Parsons Brinckerhoff, for the American Association of State Highway and Transportation Officials (AASHTO) Transportation Security Task Force as part of NCHRP Project 20-59, Task 5, October 2002.
 One recommendation related to transportation infrastructure is to "harden industry infrastructure against terrorism through technology. DHS will work jointly with industry and state and local governments to explore and identify potential technology solutions and standards that will support analysis and afford better and more cost effective protection against terrorism." The National Strategy for the Physical Protection of Critical Infrastructures and Key Assets, The Office of the United States White House, Washington D.C., 2003.
 See Appendix C for a case study of the application of this design methodology.