Forwarded with with permission from www.homelandresponse.org. Copyright 2005 Penton Media Inc. http://homelandresponse.org/full_story.php?WID=13218 By Sandy Smith 04/13/2005 Terry Wood, PE, CPP, is the director of Engineering and Security Applications for Wackenhut Corp. He says effective perimeter security can range from high fences to guard patrols to motion sensors to a good lock. Wood ought to know: his responsibilities at Wackenhut include preparation of physical security system analysis, vulnerability and risk assessments, design and construction document development (drawings and specifications) and the performance of construction administration and technical consultation services. The projects he has worked on include the design of security systems for the new international airport in Hong Kong, port security assessments for a West African government, petroleum refinery security analysis in Greece, security assessment of copper mining operations throughout South America, and security analysis and support for all areas of critical U.S. infrastructure, including nuclear power plants and water treatment plants. "Some facilities have no perimeter whatsoever. Take a high-rise building, for example. There, perimeter security consists of a lock on the door," says Wood. "Then, there are other facilities that have a large perimeter that includes double fencing with motion sensors inbetween the fences, closed-circuit television, security patrols, guard stations, limited access, etc." The Plan The first step to determining if your perimeter security plan fulfills your needs is to conduct a risk assessment and take a long, hard look at the mission of your facility and the security measures you already have in place. According to Wood, a risk assessment is a tool for measuring the compliance of a facility with security requirements. The assessment is used to analyze a system or facility to identify vulnerabilities that could potentially result in losses of life, products or technology. The methodology behind the risk assessment is based on the interrelationships of four key factors: * Assets. Any useful or valuable resource. * Vulnerability. Weakness or susceptibility of an asset or a collection of assets to losses of various kinds. * Threat. An event, process or act which, when realized, has an adverse effect on one or more assets. * Safeguard. A countermeasure, control or action taken to decrease the existing level of vulnerability of an asset to one or more threats. According to Wood, "A risk equals a threat plus your vulnerability to that threat." "If you operate a corrections facility, then your plan is to keep individuals from crossing the perimeter. If your facility is an automotive manufacturing plant, then you want to protect the product and monitor who is entering and leaving the facility," says Wood. The threat at a chemical facility, petrochemical plant or nuclear power station might be sabotage or terrorism, which means limiting access to the facility and the surrounding area. An effective security plan will include: * The operational aspects of a security program, * Establishment of a proactive process to prevent security and safety issues, * An assessment of threat and vulnerability, * The utilization of and need to balance manpower and electronic solutions. Technology The first step in a perimeter security program, once you determine your risks and vulnerabilities and needs, is to assess what you've already got in place. Is it enough? Is it too much? Should you beef it up? Some facilities choose to utilize two or three different types of perimeter systems, depending on the location. Sensors placed between two lines of fencing might work in some locations, but in other locations, where you might find birds nesting between the two fences or trees or shrubbery moving with the wind, sensor technology is not a good choice. "You end up with a lot of nuisance alarms, and management loses confidence in the system. So, the sensitivity is turned way down or the system is turned off entirely," says Wood. "What good is that technology if it doesn't work for your situation?" Some sensors make use of buried cable, which doesn't work in climates where permafrost is an issue, while others utilize an infrared beam. That technology works well as long as there is nothing - including piles of snow in winter - blocking the beam. Facilities on the water - such as the airport that was recently opened in Hong Kong - present special challenges. "Boat traffic on the edge of the runway was a concern," Wood remembers. "There were limitations in the structures that could rise above the ground - such as fences - that might interfere with the landing and takeoff of aircraft." The solution was to install biostatic sensors that utilize microwaves to measure motion in volumetric space. Sonar, underwater video systems and boat patrols are other ways to protect harbors, says Wood. Lighting is another important aspect of perimeter security. Lighting is more than throwing up some light poles, says Wood. "A lighting assessment examines the facility. Is there a storage yard, truck parking, a loading dock? If you light just the façade of a building, are there other areas that can't be seen where people can run in and out?" Gatehouses pose a challenge when it comes to lighting. The interiors are usually well-lit while the exterior is sometimes dark. "Guards can't see outside. Half the time, they turn the lights out inside so they can see what's going on outside. That makes it difficult for them to work inside." The answer can be to increase the lighting outside the gatehouse or to install dimmer switches inside. Fencing, or the lack of it, can contribute to perimeter security problems. A company came to Wood and wanted a perimeter security system with all the high-tech bells and whistles: cameras, CCTV, sensors. When he went out to the facility to take a look at what the company was already doing in terms of perimeter security, Wood discovered that the fence surrounding the property had fallen down in several locations. "I don't know how often they walked around the perimeter of the fence, but that's probably a good first step before investing in technology like sensors and cameras. If whole sections of fence are missing, your perimeter security will not be great," counsels Wood. Fencing has changed since the basic chain link was invented. Electric fences are sometimes used, and new fences have been developed that curve back out toward the outside, if you are trying to keep people out, or back in toward the inside, if you are trying to keep people in. "Intruders can't get a foothold," says Wood. "You see this type of fencing a lot on bridges and overpasses." Barbed wire or razor wire at the top or between layers of fencing can be useful, while some companies utilize plantings around the foundations of buildings, such as thorny bushes, to deter intruders. Wood says special paint is available for objects such as light poles, which might provide easy access over a fence. "Sometimes, you'll have a light pole or some other type of pole that has to be there, even if it's close enough to a fence to be a concern for the perimeter. The paint makes it slippery, so the pole can't be climbed," said Wood. Signage is an effective element of a perimeter security plan, says Wood. Use signs to direct visitors to their entrance, employees to their entrance and deliveries to that entrance. Place signs in strategic places that note the area is monitored and that security is on site. "You'd be surprised how effective a security tool a sign can be," Wood states. Separating employees from visitors is a key element of any perimeter security program. Wood strongly suggests receiving visitors to your facility away from your manufacturing or processing areas. "Visitors shouldn't be in those areas unless they have received proper security clearance and are escorted by employees," says Wood. "Don't allow visitors near sensitive areas without good reason." And try to keep visitor parking outside your secure perimeter. If your facility has multiple buildings, it can be relatively easy to separate employee entrances from visitor entrances. In the case of a software manufacturer with one building, or several floors in a building, that can be more difficult, but not impossible. "Have one place, near the door or perimeter of the offices, where visitors report. Try to have another entrance for employees, but if that's not possible, have a badge or ID system that does not allow entrance to interior offices without proper credentials," says Wood. Engage Employees Employees could be one of your greatest security advantages or disadvantages, says Wood. Employees will realize a stranger is on site almost immediately, but it's what they do about it that can make or break your perimeter security program. Do they report the visitor, or do they hold open the door and allow full access to your facility? "It's human nature to see someone struggling with packages and hold open the door for them. But it's bad security policy," says Wood. "You can have great perimeter security - high fences, barricades, stopping and searching incoming delivery trucks, ID checks for everyone - and still allow a former employee to enter because you never got his ID badge back," says Wood. It can be these types of lapses that can cost you everything. Wood says he'll go out to a client who has good policies in place and will ask him, "Who controls the keys to the building? If an employee is dismissed, do you re-key the building?" The client will say that the maintenance department handles that. The maintenance department says, "We don't have anything to do with that." "We'll ask, 'How many master keys are there to the building?'" says Wood, "and the client will say, 'I don't know.' It could be that there are dozens of master keys out there, and not all of them belong to current employees." The solution, says Wood, is to make employees active participants in the perimeter security program by offering security awareness training. Have guidelines for employees about what they should do if they see a stranger walking around unescorted or without proper credentials. Instill in employees the idea that all visitors must go through proper channels and should not be allowed to walk through an open door. The security systems are in place to not only protect your facility and technology, but employees as well. For their own safety, they need to follow security policies. "Some companies think that if they invest a lot of money in technology, they will solve their security problems," says Woods. "A camera, even a very good camera, never caught anyone doing anything. It's just a tool used by security personnel who can receive the message, assess the problem and direct a response." "Physical security is the first step in a perimeter security program, but your employees and security personnel can make or break your program," he adds. _________________________________________ Network Security - http://www.auditmypc.com Free vulnerability test - How secure is your computer?
This archive was generated by hypermail 2.1.3 : Fri Apr 15 2005 - 04:07:17 PDT