Building a Bigger Better Buffer Zone Protection Plan

Planning and managing special event security at The Ohio State University goes far beyond the management of traffic, parking, and crowd management. One of the many major events is the university’s home football games, which have an average attendance around 105,000 spectators inside the stadium and thousands more outside the stadium.

The Ohio State football game-day security operation has been reviewed by numerous outside agencies (local, state, and federal). There are requests to “shadow” the operation at almost every home game. These agencies have deemed it to be a model program.

Following so many requests to learn more about the operation, the university received UASI (Urban Area Security Initiative) funding from the U.S. Department of Homeland Security (DHS) to produce a 2009 video titled “Game On: A Large-Venue Security Case Profile.”

Buffering Vulnerabilities & Implementing Changes

A key element in the development of current U.S. homeland security contingency programs is the Buffer Zone Protection Plan (BZPP), an infrastructure protection grant program administered by DHS to help identify and mitigate the vulnerabilities of major public- and private-sector buildings and facilities. Following the 9/11 terrorist attacks, the special event security plan at Ohio State – including the procedures followed for football games – was re-evaluated and certain changes were implemented.

Over the course of the next two years (2002-2003), the security plan continued to be tweaked. Staying within the guidelines spelled out in then-President George W. Bush’s 2003 National Strategy for the Physical Protection of Critical Infrastructure and Key Assets (CI/KA), The Ohio State University’s Department of Public Safety worked closely with Ohio Homeland Security and DHS – more specifically, with the department’s Protective Security Advisor – to develop an effective BZPP for Ohio Stadium.

A major component of the initial assessment included the use of the “CARVER” (criticality, accessibility, recuperability, vulnerability, effect, and recognizability) target-analysis process to develop a threat matrix that could help identify and evaluate the university’s CI/KA, which included Ohio Stadium and the surrounding area. The CARVER tool was originally developed by U.S. Special Forces to help them target the installations of U.S. adversaries, but it continues to serve as an analytical tool to evaluate and analyze physical assets and help establish a weighted value for each of the elementsentified by the CARVER tool.

Understanding the CARVER Tool

To understand why and how the CARVER tool was useful in helping develop a workable BZPP, it is instructive to consider an overview of each of the six major elements of CARVER and how the matrix was used by Ohio State.

Criticality reflects the target’s intrinsic value. A target is considered critical when its destruction or damage would have a significant impact on operations. In the case of Ohio State, the loss of the use of Ohio Stadium would have a huge impact on not only the university itself but also on the city of Columbus and the surrounding communities. Most of the university’s football games are nationally televised, so an attack on the stadium during a game would have an instant impact on other games at other venues throughout the country. (Patrons and game-day employees are included in the Criticality aspect of the analysis.)

Accessibility is the path or route by which an extremist or terrorist element could safely reach the target with the personnel and equipment needed to accomplish its intended mission. All routes of accessibility – including roadways, pathways, waterways, railways, and even air space – were considered in evaluating the Accessibility factor. Ohio Stadium and the surrounding CI/KA possess all of these accessibility routes. This aspect of the assessment helps to identify and analyze critical access-control issues, including identifying the boundaries of the buffer zone and the locations where physical barriers, both permanent and temporary, and other security assets should be placed.

Recuperability is measured in units of time, meaning how long it would take to replace, repair, and/or bypass the destruction of or damage to the target. This aspect of the analysis helped determine how long it might take to recover from different types of attacks.

Vulnerability identifies the relative “ease” of carrying out various types of attack. In determining the vulnerability of a target, the scale of what is considered to be a “critical component” must be compared with the capability of the attacking individual or force to destroy or damage that component. This aspect of the analysis was key in helping to identify the “amount” of damage required, and the assets it would take to damage or destroy the stadium and/or surrounding CI/KA. A comprehensive vulnerability analysis also includes determining the materials that may be on-site that could be procured and used against a specific target. All people present – football fans; patrons and sponsors; players, coaches, and officials; and workers (including public-safety personnel) – must be considered as CI/KA assets when evaluating this aspect of the process.

Effect is the measurable amount of probable direct loss from an attack and the impacts at the target and beyond. In this part of the process, it was important to think like the terrorist. The big question was, “What in this context addresses all significant effects, whether desired or not, that might result after the selected target component actually is attacked?”

Recognizability measures the relative “ease” of identifying a target. In this case, Ohio Stadium is very easily recognized – and is also on the National Historical Registry. The university’s home games are televised nationally and mentioned in the media on a regular basis. Moreover, most large venues of any type tend to be attractive targets for terrorist activity.

Assess, Develop, Process & Reevaluate

As with most risk-assessment tools, CARVER does involve a certain degree of subjective probability, which is defined by DHS as the “interpretation or estimate of probability as a personal judgment or degree of belief about how likely a particular event is to occur, based on the state of knowledge and available evidence.” An inherent flaw in subjective probability, of course, is that it is susceptible to personal bias. For that reason, it is important that the team conducting the assessment reach a consensus when establishing values for the grading scale.

Use of the CARVER process in 2003 helped, among other things, to: (a) identify, analyze, and evaluate Ohio Stadium and the surrounding CI/KA; (b) define the boundaries of an appropriately sized buffer zone extending outward from the stadium; (c) identify not only assets that might be targeted but also specific threats and associated vulnerabilities within the buffer zone; and (d) assist in the development of preventive and protective measures that would make it more difficult for terrorists to successfully target and attack the stadium and/or the surrounding CI/KA.

Security planning is not the development and use of a static one-time operational tool but a continuous process. As threats and technology continue to evolve, so must the art and science of security planning. In 2009, with the assistance of Ohio Homeland Security and DHS, the initial BZPP was reviewed and updated. An Infrastructure Survey Tool (IST) – similar to the Risk Self-Assessment Tool (RSAT) – was used for part of the update. The IST, which was particularly useful in the review process, is a web-based vulnerability assessment tool that applies weighted scores to identify vulnerabilities and trends. In addition to using the IST, the original CARVER assessment was revisited.

Overall, the BZPP became a major part of the framework for the all-hazards Public Safety Game Day Operations Plan. Among the other positive aspects of new security plans that evolved and improved during the BZPP process were even closer partnerships with and between agencies and grant resources that further enhanced the planning, equipment, and training needed to mitigate both site and buffer-zone vulnerabilities.

For additional information on: Requesting access to the video “Game On: A Large Venue Security Case Profile,” visit

Richard Morman

Richard Morman has been with The Ohio State University Police Division for 27 years and is currently the deputy chief of police. He is a certified protection professional through ASIS International and a certified personal protection specialist (PPS) through the Executive Protection Institute. He is the section chief for the Homeland Security Contingency for Ohio State University football games. He holds a security clearance and is the terrorism liaison officer for Ohio State University police. He has presented at national conferences and is considered a subject matter expert on the topics of fan behavior and celebratory rioting, large venue security, special event security planning and management, and executive protection. He attended The Ohio State University, graduated from the Police Executive Leadership College, graduated from the 225th Session of the FBI National Academy, and holds a certificate in Law Enforcement Education from the University of Virginia.



No tags to display


Translate »