When a major casino operator in Macau was six weeks out from opening a second phase of its resort development, senior management realized that the in-house security design had not been subject to third-party review or validation. Arup’s Hong Kong–based Resilience, Security, and Risk practice was asked to carry out a sitewide assessment, identify significant vulnerabilities and resulting risk levels, and manage the implementation of the necessary solutions in the short time remaining before opening.
The Macau casino project burgeoned into something bigger than originally intended. Arup’s initial review identified a number of operational practices that had been acquired over time and were obstructing the effective implementation of security. The team was tasked to address these, and to review policies and procedures. The project was then phased, initially focusing on critical measures required to be put in place for the opening. A follow-up phase closed out the second-tier items. The fast-track nature of the assessment posed a major challenge to a small team. Some team members reported to the site for a single area assessment and left 48 hours later, having slept on the property.
In the end, opening day was incident-free. This was due, in part to the successful collaboration in operational planning for crowd management and incident response at the opening day events, and the involvement of Arup’s traffic team, which modeled crowd movements.
Founded in 1946 as a civil and structural engineering firm, Arup came to international prominence with its design of the Sydney Opera House, which opened in 1973. Arup currently has more than 10,000 employees and has added some 25 more disciplines to its repertoire, including all the major engineering specializations, as well as planning, transport, environmental, security, and risk consulting
Though Arup’s Resilience, Security, and Risk practice for East Asia is headquartered in Hong Kong; team members are also located in London, Singapore, Australia, and the United States. The Hong Kong group comprises 10 staff members who specialize in risk, security planning, and design. The team tackles everything from the initial risk assessment to intelligence, threat vulnerability studies, and natural hazards risk assessments. Through integration with specialists in other disciplines, and in other regions, it is able to conduct detailed analysis and modeling for specific risks such as explosions and earthquakes.
The team’s geographical range runs from India to Japan, working primarily on complex projects for major corporations. While some projects have more of a traditional security design focus, many require innovation. Some are new builds and some are major refurbishments or retrofits, and jobs range in duration from a few weeks to many years.
Because Arup is independent—not affiliated with any products or services—its advice is free of vendor bias. This allows the company to more easily spot overarching trends. Following is a discussion of emerging markets and security trends the group has witnessed in Asia.
Arup has consulted for more than 100 airports within the last five years—ranging from some of the world’s largest international hubs to smaller regional airports. The company has identified several aviation security trends surrounding compliance, technology, expansion, and customer service.
Compliance. In the Asia-Pacific region, aviation is a growth market. This growth is driven from a national level as governments see the value of hosting international airports. Along with the airports comes an increasing awareness of the value of international security compliance standards.
Work with individual airports is designed to determine how many of the domestic and international standards are going to affect a particular aviation operation. In airports with large hub capacity that are focusing on hosting international flights, becoming fully compliant with international regulations is imperative.
However, compliance with security regulations can help an airport of any size become a true competitor. For example, in Hong Kong there is no requirement for screening of U.S.-bound cargo because it is coming from a known and trusted airport that meets international screening regulations. However, airports in mainland China do not meet these regulations, meaning that U.S.-bound cargo must be thoroughly screened. This gives Hong Kong an advantage. Were airports in mainland China to gain that advantage by complying with tougher standards, they would be elevated and Hong Kong would no longer have an advantage.
These regulations apply to both the passenger and cargo sides of the operation. Currently, the European Union and the U.S. Transportation Security Administration issue regulations for passenger screening, and the U.S. Department of Homeland Security issues regulations for screening of cargo.
Another challenge is to keep an eye on the future of airport security policy. This policy analysis then drives what happens on the ground in terms of recommendations to clients. This is critical to maintain flexibility for the airport’s future security needs. For example, the sheer size of security equipment, both current and future, must be factored in to design specifications.
Technology. Another development in aviation security is the increasing awareness of technology and how essential it is in meeting requirements and combating threats. In this arena, airports must predict where the industry is moving and the implications of this for their operations.
For example, security practitioners in Asia are now debating the merits of metal detectors versus full-body scanning. Arup counsels that body scanners are the future, but there is still resistance from aviation security professionals, especially in India, due to cultural concerns around privacy.
Security influences the structure of the airport itself, and assessments frequently find that changes need to be made to load-bearing capacity and ceiling heights to accommodate the newer screening equipment, which is typically heavier and taller.
One client that is developing multiple airport facilities—some international and some with ambitions of being international—had questions about capacity. They wanted to know the maximum volume of passengers and cargo that could be pushed through the new spaces. Airport operators had to be refocused on basic security needs, analyzing airport perimeter protection before turning to passengers, baggage, and cargo. These basic security assessments are a necessary precursor to design solutions, because the most technologically advanced terminals in the world are vulnerable without adequate perimeter security.
Expansion. In addition to building new airports, there is a strong trend in the Asia-Pacific region to expand, upgrade, and enhance existing facilities. The challenge for airport owners and operators is to balance space demands among security requirements and other uses that are seen as commercial income generators.
With expansions, most of the work is done at the design level because the physical space is already established. In these cases, research on future trends is conducted from an operational perspective, applying benchmarking and best practices.
An example of this is check-in baggage screening. A standard system can always be designed to meet current needs, but security requirements are constantly changing with a lead time of up to nine years. With this knowledge of where the industry is going, designs can reserve space for specific types of technology.
Customer service. As airlines and airports in Asia introduce changes to enhance the passenger experience, the challenge for security is to ensure effective screening while keeping intrusion and disruption to a minimum.
To do this, operators are urged to promote security as a selling point. While airports such as Amsterdam and London Gatwick have embraced this philosophy, selling that message in a positive way in the Asian market has been a challenge. The airports that have employed this approach have totally revamped the passenger security experience, making it more pleasant and less stressful.
Some airports in Asia also try to benchmark their security against insurance. If airports have a quality security plan, they can negotiate an insurance discount. This is still quite a new concept for some airports, so more education is needed to demonstrate to airports that their up-front investment in security can yield rewards through lower insurance premiums.
Casinos in Asia are technologically advanced but challenging environments that require large surveillance operations. Examples of this can be found on the island city of Macau—a gambling attraction known as the “Las Vegas of Asia.”
For casinos, a detailed security plan is critical. For example, one casino client provided little input, asking for a standard layout. Once the casino opened, it was obvious that the cameras were in the wrong places, and significant changes to the camera configurations were needed. Like any other complex operation, casinos are urged to make decisions early and test them thoroughly.
This is the approach for a new building project, Wynn Palace Macau. One of the most revolutionary facilities in Asia, Wynn has more than 7,000 cameras and thousands of access-controlled doors. The casino has exacting requirements for camera coverage of gaming tables—sometimes requiring multiple angles on the same location—and this can compound the security challenge. Each gaming table requires a different configuration to accommodate the rules of the game, and Wynn has hundreds of tables.
In addition, the level of detailed design required can also be extremely challenging. Wynn has exacting design standards for architectural finishes, which must be considered in the camera layouts. These also extend to the landscaping, where integration of the cameras into the luminaires was initially considered before a bespoke camera-mounting structure was eventually devised.
Casino operations go beyond gaming, and casino security goes beyond surveillance. Such operations face the usual challenges of access control associated with the hospitality environment—some casino properties integrate up to five independent five-star hotels within the development. In addition, the security plan must account for the movement of thousands of employees with different jobs, all with different access rights. With staff drawn from all over the region and comprising dozens of nationalities, there are challenges for communication, training, and the creation of a security culture.
Master Planning Districts
With burgeoning growth in recent years, city master planning has come to the fore as a design discipline. In Malaysia, Kuala Lumpur’s International Financial District (KLIFD) is intended to create a new financial services hub, clustering private sector tenants, key regulators, and high-end residential, as well as hospitality and commercial elements. The district is built around a landscaped area that uses crime prevention through environmental design (CPTED) principles.
The focus is on framing a security master plan to be adopted by successive project teams because KLIFD is being developed over an extended period of time. Instead of a single concept design for translation into construction, the project is focused on a philosophy of security, which, with some fixed elements, could be applied and interpreted by successive design teams, possibly from different commercial entities. The layout of major spaces such as standoff from public roads, the design of the shared utility tunnels, and security command, control, and communications infrastructure was set at an early stage. Security design for individual structures has been left to various design teams working under a set of guidelines for each of the different categories of space in the project.
In China, owners of the tallest tower in Beijing, located in the central business district, wanted an evacuation plan. The building covers an entire city block and holds more than 20,000 people. As part of the plan, the building is now linked to a districtwide management system that will notify building managers of any emergency that takes place in the district, such as a bomb scare in another building.
Another large planning project is the Macau Zhuhai Bridge. When completed, the bridge will connect the island of Macau to Hong Kong at a border-crossing facility adjacent to the airport. The plan for the project, which is a major Pearl River Delta infrastructure initiative, envisages commercial development in the border-crossing area and requires detailed coordination with the CIQP (customs, immigration, health services, and police) agencies who will service this new land border to China.
Some of the same issues were also addressed in security planning for Hong Kong’s new high-speed rail connection to Guangzhou, China’s “southern capital” and third-largest city. Another major infrastructure project, this has seen close collaborative work with the same CIQP agencies and the railway operator, detailed risk assessments for individual structures, and a resilience review for the main Hong Kong terminus.
Hong Kong has positioned itself as a regional data center hub, with government support and heavy investment from financial services and telecom providers. Typical security needs for data centers include threat, vulnerability, and risk assessments; concept and detailed design for physical and electronic security equipment and systems; and construction and installation supervision.
Data center operators focus on availability, while end users are typically more concerned with the confidentiality and integrity of data and applications. This—and the fact that operators sometimes include nondata functions, such as employee break areas, in the design—means that security must provide for multiple levels of access, auditable controls for restricted spaces, and both monitoring and confidentiality for other areas.
Minimum perimeter screening is mandated, but where the screening takes place—at the main site entrance or in the lobby—is at the discretion of the facility owner. While some degree of vehicle screening is common, screening people in commercial buildings is still relatively unusual in many parts of Asia.
Other data center clients have specific concerns, ranging from blast effects and mitigation to whole-facility risk from fire, flooding, and systems failure, as well as security risk.
One common feature of all projects is that they all start at the strategic level, and security strives to be involved early in the project. If a company plans a security screening area poorly, for example, it is difficult and expensive to redesign it later.
Putting a proper operation and maintenance plan is place is also critical. Major international clients have seen sophisticated solutions fall apart because they are not maintained. In Shanghai, for example, two new buildings were erected with state-of-the-art security systems. However, the systems were not maintained and had to be replaced five years later.
As economies in Asia continue to grow, security will continue to be a factor in building projects. Risks will also evolve, requiring that security practitioners stay current on the latest trends and how they fit into the various cultures in the region.
Damian Ryan leads Arup’s security consulting practice in East Asia from the company’s Hong Kong office. A former Hong Kong police officer, Ryan has 30 years’ experience in public and private-sector security planning in the region. He is a member of ASIS International. Mark Turner, with the Hong Kong office of Arup, also contributed to this article.