premises to categories of vulnerability that may appeal to an adversary.
Bearing in mind that Roper envisions a technology-driven, state-of-the-art physical plant that is guarded with government-level security personnel or physical protections, it is possible nevertheless to recognize that within each category of vulnerability, specific evaluations of the current strength position of any facility are required. The first category consists of physical vulnerabilities, which relate to such issues as the perimeters and security features thereof, such as alarms, cameras, ingress and egress sites such as docks, parking, fences, and the like. Technical vulnerabilities refer to high-end operational technology; Roper cites acoustic equipment, secure phones, and radio equipment. Operational vulnerabilities refer to the human factor, involving not only security personnel per se but also the personnel who are involved in day-to-day operations, as well as operational-security personnel whose function it may be to work under cover onsite as security operatives (p. 65).
The key is to sight the limits of security measures that are already in place, asking whether they "really perform the job as they are intended to" (p. 65). In order to accomplish this, Roper recommends, as in previous chapters, consulting with security experts. If that is not an option, for example in a nongovernment facility (or even if it is), then the next best option is to "use a structured format" for analysis. There two parts to this format: a series of key questions regarding type of protection is in place and what type of adversaries are anticipated, effectiveness and history of countermeasures, malfunctions, and maintenance. The second part of the format is a m
...