Deputy and Court Officer — #1 2011
Change Language:
Using New Vulnerability Assessment Tools To Improve Court Security
Rod Miller And John Wetzel

New methods and new tools have found criminal justice applications with the help of the U.S. Department of Justice. "Vulnerability assessment" methods were developed by Sandia National Laboratories (SNL) for the departments of energy and defense in the 1990s. The National Institute of Justice (NIJ) funded SNL efforts to adapt the methodology for use in prisons, eventually providing training for more than half of the nation's state corrections agencies. The prison-centered vulnerability assessment (VA) tools were adapted for use in jails with the assistance of the National Institute of Corrections in 2009. Several counties have successfully applied the VA tools to improve court and courthouse security.

This articles describes the Jail Vulnerability Assessment (JVA) process, which has been the used in the court setting. Case studies of JVA use in the courts will be presented in the next issue.

Jail Vulnerability Assessment (JVA) The "jail vulnerability assessment" process builds on the earlier Correctional Vulnerability Assessment (CVA) resources that were developed by the American Correctional Association (ACA) with funding from the National Institute of Justice (NIJ) over the past ten years. This article draws from the handbook developed with NIC support.1

The approach for jails balances the depth of analysis that is provided by the CVA process with the breadth of scope and participation that is needed in the jail setting. It is based on several principles that have proven effective in the jail setting:

1. Participation. Engaging many stakeholders in the process improves the outcomes and provides secondary benefits.

2. Varied perspectives. Involving varied participants provides needed perspectives. Every participant will see different angles and pose unique questions.

3. Finding expertise at all levels. Every stakeholder, from line staffto administrators, brings experience and perspectives that are essential to the success of the process.

4. Continuous. Maintaining safety and security is a continuous process. The chain of safety and security is only as strong as its weakest link.

Jail Vulnerability Assessment materials-a handbook and the Excel-based EASI program are available without cost. Email to receive a link with which to download the JVA toolkit.

The jail vulnerability assessment process and its associated resources have the primary goals of:

Improving jail safety and security

Promoting the development and implementation of continuous safety and security improvement practices

Properly implemented, the JVA process provides ongoing opportunities to identify risks and to find the best responses.

Safety and Security Principles

Safety and security are the foundation on which all jail operations must be built.

Without effective, continuous safety and security practices, everyone is exposed to a variety of risks. Programs and services are often part of a jail's mission, but these must be built on a strong foundation.

Security is not convenient.

Implementing security practices requires time and attention and usually slows the pace of operations. Employees often suspend basic security practices in order to accommodate what they perceive to be the needs of jail stakeholders. This might take the form of propping a secure movement door open or failing to positively identify someone before allowing access to an area. Such well-intentioned actions seriously undermine facility safety and security.

Achieving safety and security requires balancing facilities, technology, and operations.

All three jail components must be sufficient and balanced in order to achieve and maintain safety and security. This document explores all three dimensions and provides tools to help assess and improve each one, and all three together.

Proper staffing is essential.

Maintaining safety and security demands sufficient staffwho are:


Directed by policies and procedures

Properly trained

Effectively supervised

Properly deployed (at the right place, at the right time)

The Jail Vulnerability Assessment (JVA) Process

The JVA process is comprised of four phases of activity. The first three phases examine every facet of the jail setting, identifying problems and concerns, corresponding causes, and solutions. The fourth and final phase sets the stage for ongoing, continuous activities.

Figure 1 presents the four phases and the steps associated with each. The process is comprised of a series of consecutive steps, each building on the preceding. To realize the most value from the process, all steps should be completed in order. However, individual phases or even steps may prove useful to address specific issues or problems, if it is not feasible to implement the entire process.

Figure 1 Each phase of work is described briefly in the following narrative.

Phase One: Identify Risks

1A. Threat Definition and Capabilities

A clear understanding and prioritization of threats is the starting point for the process. Many jails identify escapes as a primary threat. Some identify the movement of contraband, staffon inmate assaults, inmate suicides or other threats. In the court setting, vulnerability assessments have focused on protecting judges, preventing the introduction of weapons and other contraband, preventing in-custody defendants from escaping, and other threats. Users define threats that are of most concern, one of the strengths of the VA process.

Determining the capabilities of threats is also a requisite for determining if facilities, technology or operations pose a risk. For example, in many jails the small windows in inmate cells represent the exterior security perimeter-if this facility feature is compromised, there is nothing between the inmate and the outside world.

If "introduction of contraband" is defined as a priority threat, then an inmate's ability to compromise the window is of great concern. Whether or not the window is vulnerable will be affected by the inmate's (threat's) capabilities. If the inmate has assistance from the outside, the risk of window penetration is heightened. If the inmate has access to certain tools, or materials that may be used as tools, the risk is also higher. In this manner, threat capabilities help determine the level of risk.

During this phase, all facets of the facility, technology and operations are compared to threats and threat capabilities. Through a series of targeted activities, and using several analytical tools, the jail will be viewed from a variety of perspectives. This step casts a wide net to identify the full range of problems and concerns, involving many stakeholders in varied roles. This is not a security audit or inventory; rather it assesses features in the context of the specified threats. Instead of describing the characteristics of a door lock, the lock is evaluated in terms of threats and threat capabilities.

1C. Assemble Problems and Concerns and Classify

The preceding step identified dozens of problems and concerns, many of which are freestanding and not seemingly connected to others. In this step, findings are sorted and classified according to their characteristics: physical, technical, or operational.

1D. Identify Root Causes After the initial findings have been re-sorted according to their characteristics the root causes are identified. The findings are usually symptoms of underlying problems. This step of the process examines what creates the problems. For example, one of the findings might be that "booking officers are not following procedures regarding security of inmates during initial processing." Failing to consistently follow procedures could be considered a symptom, caused by a lack of effective officer supervision (first line supervision). After the root causes are identified, the findings are once again sorted.

Phase Two: Advanced Risk Identification

This phase of the process uses powerful new techniques and tools to dig deeper into risks and vulnerabilities and, in some instances, to actually calculate the probability of specific actions' success. The foundation for this work is found in the Correctional Vulnerability Assessment (CVA) materials, but in the CVA process these tasks are the centerpiece, rather than a secondary tool. Where the CVA process ends up focusing on only a few pathways that are subsequently analyzed using these tools, the JVA process ensures that the full range of problems and concerns are identified before applying advanced analysis.

2A. Develop Path Sequence Diagrams and Scenarios

This step identifies opportunities for threats to piece together a series of steps in order to exploit weaknesses in the facility, technology, and operations. Path sequence diagrams are graphic representations of facility features and set the stage for collecting data about detection, delay and response. Several scenarios are developed and data is applied at each step as a prelude to analysis using a computer program.

2B. Analyze with the EASI Programs

The scenarios developed in the preceding step are entered into an Excel-based program. Estimate of Adversarial Sequence Interruption (EASI) uses sophisticated formulas to actually calculate the probability of a threat's success. Better yet, the EASI program calculates the impact of potential solutions, modeling the value of the changes to ensure that the most effective actions are selected.

Figure 3 presents a sample EASI analysis worksheet, developed during a training program at an urban courthouse. The threat in this scenario is an assault on a prisoner who is appearing in court. The EASI program calculated the likelihood that the scenario would be stopped before it is completed. In this case, the scenario would be stopped only 23.5% of the time. Put another way, the perpetrator would succeed three out of four times.

The scenario in Figure 3 was developed and tested on site. It involves planting a weapon on the courthouse, retrieving it, assaulting the prisoner and escaping without apprehension. Each step in the process was tested, and several findings were entered into the worksheet:

"Probability of detection" (Pd)-the likelihood that the intruder will be detected at each step in the process (0.1 Pd is detection 10% of the time). Step 2 has no probability of detection because the intruder is not doing anything illegal-he/she is entering the courthouse without any contraband.

"Location" of detection within the step-beginning, middle or end. For example, Step 5, assaulting the prisoner, is detected at the beginning of the action.

"Delay" is the number of seconds that it takes to complete each step. The standard deviation identifies the extent to which the step required more or less time during testing. Step 5, for example, may take from 15 to 25 seconds, averaging 20 seconds.

The EASI program provides a compelling tool that calculates the probability of interrupting a specific scenario. More important, the EASI program provides a powerful analytical tool that tests the effectiveness of changes that might reduce risk.

Phase Three: Develop Solutions

The findings from Phase One and Phase Two are combined at this point in the process. Root causes are analyzed, leading to the identification of specific solutions, or, more accurately, "solution sets" that will reduce risk.

Phase Four: Implement Improvements

The solutions are implemented in this final phase.

4A. Implement Initial Solutions

Many specific issues will be identified the first time a JVA is conducted. Most of these will be addressed in the implementation phase, correcting the underlying causes. It is not unusual for a wide spectrum of improvements to be implemented at this point.

4B. Implement an Ongoing System

Maintaining a safe and secure jail requires continuous efforts. Changes in facilities, technology, and operations must be identified and appropriate responses must be implemented. In this, the final step in the JVA process, an ongoing system that provides "continuous safety and security improvement" is created and implemented.

The initial work of Sandia National Laboratories has found many public-sector applications. In the next issue, we will present case studies that demonstrate the value of the vulnerability assessment methodology and tools in the court setting.

Rod Miller has headed CRS Inc. since he founded the non-profit organization in 1972. He is the author and co-author of numerous texts and articles on various aspects of jail planning, design, and operations. For more information, contact him at, 925 Johnson Drive, Gettysburg, PA 17325, or (717) 338-9100.

John Wetzel is the Acting Secretary of the Pennsylvania Department of Corrections, formerly warden of the Franklin County Jail in Chambersburg, PA. For more information, contact him at