3.2.3 Threat and Consequences of Events. Facility sensitivity/ criticality
concerns highlight the potential array of threats posed against the asset(s)
and upon the consequences of one or more of these threats occurring at the
site. Thus, a Category B facility seen in Table 1, when confronted with the
four generic levels of threat indicated in Table 2, yields an equally broad
range of potential consequences and required security system capabilities.
The planning process must initially focus upon the range of assets to be
protected by the proposed system and then carefully consider what kinds of
threat categories might try to compromise security to carry out their
mission of sabotage, theft, etc. Actual event data at the site or elsewhere
coupled with intelligence from Naval Investigative Service (NIS) or other
investigative agencies is particularly important during these early stages
of system planning. The user activity needs to define the upper range of
threat they want the security system to deter and detect. This usually
results in tradeoff analysis (cost/benefit considerations) where the
consequences of loss or compromise are not directly tied to Navy mission
capabilities of the user activity. The expenditure, therefore, of $10,000
to secure against the one-time loss of $5000 of consumable inventory is
questionable. Yet, the expenditure of $10,000 to secure the fueling
capabilities of tactical aircraft, even in the face of no prior events, may
have clear justification.
18.104.22.168 Categories of Threat. Table 2 sets forth four broad and generic
types of threat for the user activity to specify as a basis for the security
system design. In several instances, activity commanders or other elements
of the Navy or DoD may specify in detail a design basis threat and required
system performance capabilities. As in the first phase of the process
discussion (subparagraph 5 of this section), the specification of a design
basis threat is essential to determining the vulnerability of the asset.
The security system is then designed with the objective of controlling and
minimizing these vulnerabilities.
3.3 Specific Requirements of DoD and Navy Directives. Among the several
threat and site sensitivity/criticality factors that must be considered by
the system design process, the specific policy directives of the Navy and
DoD also place design parameters on alternative solutions. It is the
responsibility of the system designer to confirm the applicability of
appropriate directives issued by local activities or higher authority. In
many applications, multiple sources may be involved and, in specific types
of facilities, certification or other forms of approval will be required.
The listing of directives in Table 3 represents a nonexhaustive inventory of
sources of concern to NAVFAC shore-based installations.
3.4 Basic System Design Considerations. Several basic considerations
should guide the system designer as he proceeds to lay out the proposed
intrusion detection system. It has been proven time and again that failure
to fully consider these basic concerns will invariably lead to poor system
performance, excessive cost, and/or user dissatisfaction.
3.4.1 Know the Environment. The best equipment, perfectly installed and
maintained, can completely fail in its protection mission if the design has
failed to account adequately for the physical and operational environment in
which it must function effectively. The result is a system that becomes an
annoyance and leads to shutdown and costly retrofit.