Running head: Physical Security

Physical Security Week 3 Assignment
Michael R. Vest
Paul Baker
Physical Security SMGT 315
September 5, 2009

Abstract

We examine five questions that discuss the perceived role of physical protection, the advantages of protection-in-depth over a single secure level, the advantages of combining sensors for detection, the use of guards versus sensors as a first line of defense and why, and what constitutes false alarm excessiveness.

Chapter 5:

“1. It is often said that the role of physical protection is to encourage the adversary to attack someone else’s plant. Is that the role of physical protection?” (Garcia, 2008)

The role of a physical protection system (PPS) is to “integrate people, procedures, and equipment for the protection of assets or facilities against theft, sabotage, or other malevolent human attacks” (Garcia, 2008). The idea of a PPS as a tool to divert adversaries to another organization is more perception than fact. A PPS uses a balance among security tools to reduce the enticement of the carrot. If a rabbit can easily eat the carrot from a garden without fear, it will do so. If the rabbit must cross a fence, outwit a dog, and outrun a farmer, it will look for food elsewhere. Organizations that say a PPS is used to divert adversaries to someone else’s plant are looking for an excuse because they chose to implement no PPS, a single-layer PPS, or a poorly designed PPS. While a good PPS will divert adversaries from an organization, it is not intended to redirect them to another organization directly. A PPS is used to detect, delay, and respond to current, perceived, and future threats.

As stated by Fennelly, “statistics have shown that terrorists choose the targets that provide at least an eighty percent chance of success” (Fennelly, 2004). Most terrorists are educated, trained, and follow strong beliefs when targeting an organization.
They need their mission to be successful to prove their point. What seems to be a common theme among terrorists and thieves is the success rate. While terrorists and professional thieves may use the 80% and above rule, the common criminal seems to like the odds higher. If an adversary has multiple obstacles to clear before acquiring the target, they must factor in their success and capture rates. If the target has perimeter fences, fixed guard posts, watch dogs, security cameras, etc., then the chances of getting caught go up with each detection method. In the case of watch dogs, upon detection, delay and response are almost instantaneous. The chance of success is not viable for the adversary when, in comparison, they can attack the next business that only has a fixed guard post. The success chances go up while capture chances go down.

A prime example of how an adversary may choose targets was a recent computer store burglary that was caught on security surveillance. The PPS initially looked like it had plate glass doors, an alarm system, and armed security guard response; however, the first line of deterrence, a plate glass door, appeared not to be polycarbonate and was easily smashed (Fischer, Halibozek, & Green, 2008). The equipment also appeared not to be locked down to the display cabinets. The response time was less than thirty-one seconds by armed security guards. In this case the lack of a good PPS provided a high success rate for the group of criminals. They acquired $30,000 in computer equipment in thirty-one seconds. Is the business owner going to blame the other stores that had polycarbonate glass installed, a chain link gate, or on-site security guards? Who knows; but it does show how the other security tools of the surrounding stores may have directed the thieves to an easier target.
If that was the case, the PPS did its job to protect the assets and interests of the business owners who took the resources to secure their facilities against attacks.

“5. What is the advantage of a system with protection-in-depth compared to one that is very secure at one level?” (Garcia, 2008)

The advantage of protection-in-depth over a very secure single layer is multifold. The first thing to remember about any security system is that it can be defeated (Garcia, 2008). The goal of protection-in-depth is “that to accomplish the goal, an adversary should be required to avoid or defeat a number of protective devices in sequence” (Garcia, 2008). When only a single level of security is used, once it is defeated, the adversary has full access to their goal; whereas protection-in-depth establishes numerous chances for the adversary to be detected, delayed, and responded to by security.

Within a protection-in-depth system, the layers complement each other. On a military base, for example, the perimeter fence is the first layer of defense. That first layer of defense is complemented with in-ground sensors, security patrols, and in-line sensors along the fence. Each of these elements complements the others and also covers them in the event one element is defeated.

A protection-in-depth system increases security’s chances to capture and detain an adversary versus a single-layer system. When multiple layers of protection exist and an incident is detected, there is time for the security teams to assess the detection to confirm the validity of the alarm. A good example would be a manhole cover that is alarmed by a university animal research lab. When the alarm is activated, the security team is advised and dispatched while the situation is monitored. As the guard verifies the manhole looks slightly ajar, a second alarm triggers in the science building.
Because the first alarm created a heightened awareness, when the second alarm is activated, the delay and response are shortened and the adversaries have a higher rate of being captured. If the manhole cover was only a single layer of security, the guard may have ruled it a false alarm because it was only slightly ajar, and missed the actual incident within the research facility.

Targets that have a single layer of protection will be targeted over targets with multilayer protection. This is because of the success factor that adversaries must figure in to achieving the goal. If an organization only has a single layer of defenses, no matter how good, the adversary only has to defeat that layer and the success rate is in the eighty percent plus range. If an organization has multiple layers of protection, such as microwave detectors, seismic sensors, armed guards, dogs, electrified fences, etc., the adversary must defeat each one of these elements to achieve their goal.

Detection, delay, and response are the adversary’s enemies. The adversary is in a race against the clock. If an adversary spends too much time defeating each element of a protection-in-depth system, their chances of getting detected, delayed, and responded to by security increase dramatically. This means their chances of success will drop with each element they must defeat. Many adversaries will not attempt to attack a target unless they have at least an eighty percent success rate or higher, according to Fennelly (Fennelly, 2004).

Chapter 6:

“3. What are some of the advantages of combining sensors outputs in an AND configuration?” (Garcia, 2008)

The first thing to understand is the AND gate. An AND gate represents events that will occur when all conditions applying to the AND gate occur. If any condition of the AND gate is prevented, the event will not take place. Security uses AND gates when determining layers of defense systems and the conditions that will trigger the event.
As noted by Garcia, all security systems can be defeated (Garcia, 2008). One of the advantages of the AND gate in design is in computing the probability of detection (PD) and confidence level (CL) (Garcia, 2008). In a perfect scenario the PD and CL would equal one hundred percent. Since no sensor will ever achieve a perfect one hundred percent or 1.0, we combine an array of sensors that compensate for each disadvantage in an attempt to achieve the best combined result that will get us close to one hundred percent or 1.0 by using an OR gate.

Sensors that are used for security today are readily available for purchase, as are their blueprints, design limitations, and whitepapers. With the advent of the internet, defeating security sensors has become easier for the adversary willing to spend time conducting research. By using a combination of sensors and the AND gate function, security designers can ensure a better chance of detection and reduce the number of nuisance and false alarms that security must respond to.

External sensors fall into one of five categories. These categories are “1.) Passive or active, 2.) Covert or visible, 3.) Line-of-sight or terrain-following, 4.) Volumetric or line detection, and 5.) Application” (Garcia, 2008). The sensor categories complement each other’s disadvantages and can increase the probability of detection when used in groups.

When designing the AND gate event, remember that the assets or facility being protected will drive the conditions. A nuclear power plant will have more inputs to trigger an event versus a small business. A recent article by Matthew Harwood noted how nuclear power plants across the country are switching to computer-based fire monitoring systems to monitor fire alarms and systems within the facilities, reducing the need to have physical fire patrols (Harwood, 2009).
By combining sensors of different types, alarms can be triggered when a true incident versus a nuisance or false alarm occurs. For example, to protect the base perimeter, one might set the conditions for an alarm only when pressure around the fences is changed, a fence is cut or climbed, and infrared sensors detect movement. Because each of these alarms can be set off individually by wind, fog, storms, adversary defeat, or digging under the fence, we can combine them into single conditions that input into an OR gate and trigger the alarm. The pressure sensor covers the infrared method if the adversary attempts to dig under the fence. The fence-disturbance sensor senses movement or a cut within the fence material and is also covered by pressure sensors in the ground. The infrared system monitors the area around the fences with multi-beam visibility while offset by the other two types of sensors. The conditions in this example would be when an adversary triggers the infrared system, climbs or cuts the fence, and digs or lands on the ground. At the exact instant any of the three conditions is met, the alarm is triggered for the detection process. Now security completes the assessment function to validate the incident.

Another advantage of AND gates is combining other systems and their sensors to monitor detection. A PPS may be designed so that if a covert pressure sensor and a line-of-sight sensor are triggered, all lights on the perimeter turn on. This event could trigger the video surveillance system to scan for a target for sixty seconds. This event in turn is tied to an AND gate that requires all perimeter lights on and video-confirmed movement within the sixty-second window. If these two conditions are met, the AND gate triggers the alarm and automatically closes the base gates.
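
The two-stage AND gate described above, written out as event-correlation logic. This is an added example, not part of the original paper or of Garcia's text; the sensor names, the action names and the 10-second coincidence window for the first gate are assumptions, while the sixty-second scan window comes from the text.

```python
from dataclasses import dataclass, field
from typing import Optional

COINCIDENCE_S = 10  # assumption: both perimeter sensors must trip within 10 s
SCAN_WINDOW_S = 60  # from the text: video scans for sixty seconds
STAGE1 = ("pressure", "line_of_sight")  # hypothetical sensor names


@dataclass
class PerimeterGate:
    last_trip: dict = field(default_factory=dict)  # sensor name -> last trip time
    scan_until: Optional[float] = None             # end of the active video scan

    def feed(self, t, source):
        """Process one sensor event and return the actions it causes."""
        actions = []
        # Close a scan window that ran out with no video confirmation.
        # (Checked on the next event here; a live system would use a timer.)
        if self.scan_until is not None and t > self.scan_until:
            self.scan_until = None
            actions.append("SCAN_EXPIRED")
        if source in STAGE1:
            self.last_trip[source] = t
            times = [self.last_trip.get(s) for s in STAGE1]
            # Stage 1 AND gate: both sensors tripped close together in time.
            if (self.scan_until is None and None not in times
                    and max(times) - min(times) <= COINCIDENCE_S):
                self.scan_until = t + SCAN_WINDOW_S
                self.last_trip.clear()
                actions += ["LIGHTS_ON", "VIDEO_SCAN_START"]
        elif source == "video_motion" and self.scan_until is not None:
            # Stage 2 AND gate: lights on AND motion confirmed inside the window.
            self.scan_until = None
            actions += ["ALARM", "CLOSE_GATES"]
        return actions


def replay(events):
    """Run (time_s, source) events through a fresh gate; return (time, action)."""
    gate = PerimeterGate()
    return [(t, a) for t, src in events for a in gate.feed(t, src)]


# Constructed sample events (not from any real system).
SAMPLE = [
    (0, "pressure"),         # lone trip, e.g. weather: no action
    (100, "line_of_sight"),  # too long after the pressure trip: no action
    (200, "video_motion"),   # motion while no scan is active: ignored
    (300, "pressure"),
    (304, "line_of_sight"),  # stage 1 satisfied, scan runs until t=364
    (400, "pressure"),       # previous scan expired unconfirmed
    (402, "line_of_sight"),  # stage 1 satisfied again
    (430, "video_motion"),   # confirmed inside the window: alarm
]

if __name__ == "__main__":
    for t, action in replay(SAMPLE):
        print(f"t={t:>3}s  {action}")
```

Only the last sequence reaches the alarm; every lone sensor trip and the unconfirmed scan end without a guard dispatch, which is the nuisance-alarm reduction the paragraph describes.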

By combining various sensor types and detection methods into groups that complement each other, and creating conditions that reduce the potential for nuisance and false alarms, the adversary’s chances of detection, delay, and response are increased, and at the same time the PD and CL can move close to their goal of one hundred percent or 1.0.

“7. In what situations would a member of the protective force (guard) be used instead of exterior intrusion sensor? How effective is detection under these conditions and why?” (Garcia, 2008)

A security designer must account for the threats against a specific target. Depending upon the target and the threat, security countermeasures from one location will not work in another location. Situations that would entail using guards versus detection devices are dependent upon the target and its security needs. For instance, in a high-security maximum prison, there are armed guards stationed in key areas to observe the prisoners. In the event of an incident, the guards can observe, report, and respond quicker than a sensor. Guards stationed in the guard posts surrounding the perimeter of the prison act as a first line of defense against attacks or incidents. This allows for balanced protection within the prison security system (Garcia, 2008). This is because all security devices are equal in the amount of time needed to penetrate the target. In the case of the prison, it is typically breaking out of the facility.

Another good example of where security guards will be used instead of sensors is when an exterior sensor goes offline. This could be for such things as maintenance, device failure, weather conditions, and excessive false alarms (Garcia, 2008). Guards should also be used in contingency plans to offset the exterior sensors.

Guards can react faster to a situation than a sensor because they can observe, assess, and implement the responses needed on the fly. A security patrol at a nuclear facility would be a good example.
Because of the sheer size of a nuclear power plant, sensors cannot cover every area. In this scenario, having security guards positioned on the exterior perimeter allows for immediate response. The goal of the guard on exterior perimeter duty is to prevent any adversary from breaking through the first line of defense. Guards in high-profile security areas also provide the required response force necessary prior to an adversary gaining entry to the interior perimeter. In the case of a nuclear power plant and a maximum-level security complex, this will be deadly force.

Detection using guards versus sensors is only as good as the personnel that are hired. Security guards in general do not receive extensive training, quality pay and benefits, or extensive background checks prior to being hired in today’s industry (Fischer, Halibozek, & Green, 2008). With a sensor device, it either works or it doesn’t. When it is designed and built, the specifications detail exactly what it will do and also state its probability of detection (Garcia, 2008). The human factor in probability of detection varies widely. It can be very good with the right personnel and very bad with the wrong personnel. A good example was a recent incident in New York City concerning two security guards who were photographed sleeping on duty. The bridge they were guarding has been identified as a high terrorist target. Even though there may be sensors on the bridge, they were the first security barrier to an adversary and they were sleeping.

The quality and dedication of guards can be tied to the commercial side of the industry. A six-dollar-an-hour guard is not as willing to die in a firefight as, say, a professional soldier who accepts the risk, is highly trained, and is prepared for firefight-type scenarios.

There are situations in which guards are essential in perimeter detection. These can be military bases, nuclear power plants, and maximum security prisons.
In each scenario, the use of guards over detection devices, or of guards combined with detection devices, must be considered individually. The defining point is in defining the threat, identifying the threat, and building the right PPS for the scenario (Garcia, 2008). When using guards, the human factor will always play into the probability of detection (PD) and the confidence level (CL) of any system. Pay, training, and character are important factors to consider when an organization chooses to rely on guards over exterior intrusion devices.

“9. When are false alarms considered excessive?” (Garcia, 2008)

False alarms are considered excessive when the effectiveness of the security systems is hampered because of the time needed by security to assess the alarm and vulnerability. Even though “false alarms” are alarms caused by the equipment itself, we will use the term to refer to alarms that create false positives for security (Garcia, 2008).

A nuisance alarm occurs when a device goes off because of events other than intrusion. Because of nuisance alarms, it is ineffective to have guards respond to every alarm. This is why detection is not complete without assessment (Garcia, 2008). Every time an alarm has to be assessed by a guard, another area becomes a potential target because of the lack of monitoring.

False alarms can also be used as tools for adversaries to accomplish their goals. Since the specifications of most security devices made today can be easily acquired, the adversary can use these specifications against a potential target. This is why it is essential to complement a sensor’s weakness with another sensor’s strengths. When a security designer is aware of the specifications of a product, they can help decrease the false alarms.

There are many ways in which excessive false alarms can be controlled. One of the fastest growing ways is through computer probability.
With computers dropping in price, many organizations are having all sensors tied into an alarm monitoring computer. Its job is to use a probability database or inputs about the devices to determine false alarms or to trigger an alarm for assessment. Without this, guards would be constantly verifying alarms during weather, seasons, and all parts of the day. This creates excessive cost for the organization in having to hire more guards to meet the alarms and assess the event. In this case, if more guards are hired, then something else must give.

The primary factor to consider if excessive alarms are detected is the acceptable false alarm rate (FAR) (Garcia, 2008). This rate not only reduces the alarm responses required by guards, it also helps operators identify when a device needs to be reported to maintenance for repair.

False alarms are a fact of life in the security realm. They are here to stay. The only thing a security designer can do to address false alarms is to plan. By identifying threats and targets and establishing good security designs, security designers can account for false alarms when implementing a PPS. By using tools such as AND gates and computer systems, security designers can reduce the number of excessive false alarms and create a manageable amount that can be assessed and responded to in a reasonable amount of time. The more false alarms an organization has, the better the chances an adversary will be able to penetrate the perimeter, acquire the target, and escape unnoticed.

References

Fennelly, L. J. (2004). Effective Physical Security (3rd ed.). Burlington, MA: Elsevier Butterworth-Heinemann.

Fischer, R. J., Halibozek, E., & Green, G. (2008). Introduction to Security (8th ed.). Burlington, MA: Elsevier Butterworth-Heinemann.

Garcia, M. L. (2008). The Design and Evaluation of Physical Protection Systems (2nd ed.). Burlington, MA: Elsevier Butterworth-Heinemann.

Harwood, M. (2009, August 26).
Nuclear Power Plants Move to Software Based Risk Assessments to Fend Off Fire. Retrieved September 5, 2009, from Securitymanagement: http://www.securitymanagement.com/news/nuclear-power-plants-move-software-based-riskassessments-fend-fire-006068