Running head: A BIZARRE APPLICATION OF APA

advertisement
Physical Security
Running head: Physical Security
Physical Security Week 5 Assignment
Michael R. Vest
Paul Baker
Physical Security SMGT 315
September 19, 2009
1
Physical Security
Abstract
We examine six questions that examine the reasons for using a supervised alarm
communications link; identify the information needed by console operators when alarms are
activated; identify project design team members; situations in which guards would be used for
entry control; reason why portal doors, walls, and roof alarms should have the same delay; and
problems created by a totally automated entry system.
2
Physical Security
3
Physical Security Week 4 Assignment
Chapter 9:
“3. What are the reasons for using a supervised alarm communication link?”
(Garcia, 2008)
When looking at an alarm communication and display system, the communications
system is the backbone. A business can have the most sophisticated sensors installed; but if the
signal from an activated sensor never makes it to the security operator console, the system is
worthless. Alarm communications and display systems rely on two critical elements to be
successful. The elements are “the transportation or communication of data” and “the presentation
or display of that data to a human operator in a meaningful manner” (Garcia, 2008). Because of
the complexity of today’s security systems, supervision of the communications system is needed.
“Supervisory systems are used to monitor the communication link to ensure that it is
operating correctly and that data has not been altered during transmission” (Garcia, 2008). This
system can be either static or dynamic in nature. When the system operates in static mode, the
signal is always there. It never changes. While this allows easy monitoring of the sensor to
operator console communications, it is easily bypassed by an adversary. Dynamic supervisory
systems operate on the premise of a variable and rotating signal that is cycled every so often and
monitored. These systems are relatively difficult to circumvent for an adversary. Dynamic
systems tend to use encryption sub-systems that must be key controlled and have a higher
bandwidth requirement than static systems. Dynamic systems are also susceptible to
sophisticated attacks by adversaries (Garcia, 2008). When selecting a supervisory system, the
designer must also be familiar with many computer and network based protocols to enable a
secure systems that allows for monitoring.
Physical Security
4
Many of today’s security systems are tied to a localized network that enables the signals
from the sensors to be transmitted to the control console for interpretation. Because many
systems use computer and networking, knowing the three primary network layers that are used
by networking systems is critical. The three layers that are used within a computer based alarm
monitoring systems are the physical, data link, and network layer of the seven-layer Open Source
Interconnection (OSI) network design (Garcia, 2008).
The physical layer deals with the electrical signals that are generated via the sensor
device. At the physical layer is where protocols are selected. The actual media that will be
transmitted is also selected at this layer. Examples of media are twisted-pair, coaxial cable, and
fiber-cable. Each has their own strengths and weaknesses. For the most secure media conduit,
fiber-optic cable is best used. Not only does it have the potential for long cable runs (up to 12
miles), it is also extremely hard to compromise and most intrusions are easily detected (Garcia,
2008). One protocol that is standardizing the industry current is the IPv6 protocol. Many devices
are now coming standard with support for this protocol in networking devices. Because security
systems need accurate data, the data link layer is used.
The data link layer is used to enable protocols to error-check the data that is being
transmitted via the physical layer. Error-checking only works if the protocol supports the feature.
Alarm systems should use protocols that allow error-checking when using centralized computer
control centers. This layer is used to notify the next higher-level that something is wrong at the
lower levels. The protocols that included error-checking are more reliable than protocols that do
not error-check. Even though the data link layer provides the error-checking, reliability in
communications routing is required. This is done at the network layer.
Physical Security
5
The network layer is responsible for the routing and controlling of network traffic. This
layer allows the communications data to have redundancy and reliability. This layer also
monitors the electronic message for duplicate messages and guarantees that messages will arrive
to its destination. The network layer is critical in providing information to the central alarm
console so that the operator receives the indication on the console.
Since communication is extremely important for an alarm system, the network itself
should be monitored for problems in the routes from the sensors to the console. There are several
system monitoring tools that can be used to aid the security personnel with monitoring of the
system and its communications. Tools that are used to monitor the communications path include
HP OpenView and CisoWorks. Both of the programs display an overall picture of the network
and allow the viewer to isolate problems down to the individual piece of equipment that is being
monitored.
All security systems can be defeated (Fennelly, 2004). To rely on a single non-redundant
system is foolish. With the advent of cheap high-speed bandwidth and advanced sensors that can
be incorporated onto live networks for communication, a security designer must not only be
aware of sensor strengths and weaknesses; he must be familiar with network infrastructure and
how it incorporated within the alarm system design.
“5. What information does the console operator need when an alarm occurs?”
(Garcia, 2008)
Because of the potential information, that computer systems can retrieve, information
overload is experienced. Research shows that humans only have about a thirty minute to sixty
minute attention span when looking for unusual events (Garcia, 2008). By injecting mass
Physical Security
6
amounts of data for an observer to process, the observer can suffer from a condition called
“information overload”. This overloading of the observer will cause even the most sophisticated
systems to fail (Garcia, 2008). By letting computers receive inputs from all sensors and crossreferencing those inputs against databases and condition tables, observers can be shown only the
most critical information for assessment.
There are three primary bits of information that operators need to be able to respond to
the actions indicated by an alarm console. This information is “1.) Where and alarm has
occurred, 2.) What or who caused the alarm, and 3.) When the alarm happened (Garcia, 2008),
everything else is irrelevant. By designing a systems that only renders that appropriate
information to the center console, the chances for correct assessment is enhanced.
There are many tools that allow the operator to process this information in a timely
manner. Some of the tools include CCTVs, map overlays with sensor positions, and intelligent
alarm analysis systems. CCTVs can be tied in with the sensor array and be set to automatically
start recording when an alarm is triggered. In the event of an alarm, the observer can switch to
the area monitor and review for what caused the alarm. By tying the camera to the alarm, this is
one less operation the operator must do to verify the alarm. This reduces the assessment and
response times that are needed for effective PPS.
Building and area maps that have the sensor identified and tied to the indicator light
system allows for the observer to target their area of assessment. If sensors are activated within
certain time limits and down a certain path, this has a high potential of indicating an adversary
attack verse false alarms. Maps also help a new observer be able to direct the response teams to
intercept an adversary that has been detected.
Physical Security
7
One new areas of security alarm processing in intelligent alarm analysis. This new
technology focuses on applying alarm processing and fusion tchniques to provide better
information to the alarm operator. This system incorporates device trend analysis that is used by
the system to determined if an alarm needs to be triggered. This allows for the reduction of
nuisance alarms, system NARs, and allows for such statistics as Mean Time Failure Rates or
MTFR (Garcia, 2008).
Other information that operators needs to know when an alarm occurs is reference
numbers to key facility control personnel. Maintenance and computer personnel are two numbers
that all operators should have on hand. This allows for the operator to pass information to these
areas if the sensor needs maintenance or if a potential communications error is occuring. By
allowing other areas to focus on moitoring their parts of the security system, the operator can
concentrate on the main job of detecting, delay, and directing response teams to all alarms as
requried.
“7. Who should be on the project design team at your facility?” (Garcia, 2008)
Many times, design flaws are discovered after a system has been designed. These design
flaws are more time more expensive to implement after the fact. Design flaws in security alarm
systems can be extremely costly. This is because of the amount of time to resurvey the
requirement, securing the contractors, and making the system available for the required
downtime to install, maintain, and test the fixes. The best solution is to bring in the area
specialist in at the head of any project.
Project teams for security should contain key members that have systems that will be
combined with the security system to make it fully functional. Some of the key members to
Physical Security
8
include on a security project include Chief Security Officers (CSO), safety representatives,
network engineers, maintenance supervisors, and ergonomics specialist. The CSO is normally in
charge of the security for the entire facility. They usually report to the board members or owner
of the facility. His responsibility is to ensure all aspects of security are covered. He is the key
person for a system designer to contact during the initial site surveys (Fischer, Halibozek, &
Green, 2008). He will be able to secure tours, obtain blueprints, and have a working knowledge
of local threats and their tactics. Security and safety need to work together to accomplish the
goal of security.
The responsibilities of the CSO and safety representatives are ruled by different factors.
Some factors include regulations, ease of convenience, and mission requirements (Fischer,
Halibozek, & Green, 2008). Because of these factors, the goal of security and safety commonly
conflict with each other when designing security systems. While the CSO tries to secure the
facility by using countermeasures, safety representatives need to ensure security does not violate
safety. Where a security specialist would want to use electromagnetic locks on deadbolts on an
exit door, safety regulation dictate that doors must be able to be open in one fluid movement in
the event of a fire (Fennelly, 2004). Along with security and safety concerns, alarm systems
today are using complicated networking equipment to establish communication between the
sensor and alarm consoles.
Network engineers are the experts on setting up communication infrastructure that
provides for fast reliable serve while providing tools for redundancy and backup. Alarm systems
have advanced and are using some of the very same designs that network engineers use to set up
established networks. Alarm topologies such as star, bus, and point-to-point have their basis from
the computer network area (Garcia, 2008). As alarms are designed to integrate with computer
Physical Security
9
networks for processing of sensor information by advanced computer control centers, having a
person that understands route design is essential. The engineer can help design the best type of
infrastructure for the security system and alarm sensors that allow for redundancy, reliability,
and backup. By using networks, security systems can utilizes the security features that protect
networks to protect the vital communication link between the sensor devices and the master
console. By using protocols that allow for error-checking and flow-control, alarm systems are
harder to bypass and intrusions are more likely to be detected by the system. Media such a fiber
optics, even though expensive, allows for high security and reliable movement of data over long
distances (Garcia, 2008). Network engineers, using programs such as HP OpenView and
CiscoWorks, can monitor the security network as a whole and yet still have the ability to
transverse to a single device that is indicating an alarm and identify what is causing the alarm
and react. By monitoring the routes that the communications between sensors and master control
consoles transverse, advanced adversaries can be detected in an attempt is made to bypass
security systems through the network. Tools that allow for these protections include firewalls,
port security, and routing protection like split-horizon.
Maintenance supervisors need to be included on projects. This is so that design layout
can accommodate the maintenance requirements of the company. Problems maintenance must
deal with include small space design, types of equipment required for maintenance, and
scheduling times for working on the system. Because of the danger from inside adversaries,
maintenance access to secure areas must be accounted for in security design. This is to prevent
potential nuisance alarms and also to establish who has authority over the areas that are affected
by security and maintenance. Maintenance supervisors can also identify such things as chemicals
and materials used in cleaning and repairing other items that are not related to security. This is
Physical Security
10
important to know when selecting sensors. Imagine the nightmare in troubleshooting a nuisance
alarm on a sensor that goes off every time the maintenance person sprays furniture cleaner next
to an infrared sensor. If no one knows about the chemical, then countermeasure cannot be put
into place for the furniture spray.
One forgotten member of many project teams is an ergonomics specialist. These
designers look at the human factor when designing system layouts. The purpose of ergonomic is
to ensure the human body is comfortable so that the required task can be completed without
causing fatigue or injury. When designing a security operator’s console, these specialists are
essential. A poorly designed alarm console can degrade the systems performance (Garcia, 2008).
Items that ergonomic specialist look at are video monitor height, alarm response button location,
and panoramic console design. Video monitors should be at viewers eye-level (Garcia, 2008).
Primary viewing systems and buttons should be within eye view without requiring the operator
to move the eyes or head to interact with the system. As the importance of the systems decrease,
they should spread out from this center point. Typically using a 30 degree spread for secondary
locations works well when designing a console (Garcia, 2008). By using an ergonomic specialist,
the observer is better adept at completing their job verse looking for locations of associated
systems.
These are just some of the people that need to be on project management teams. Each
project is different and different experts are needed for each project. The personnel listed above
should be on every project team. By using specialist in areas that are needed during a project,
designing an effective system during the design phase can occur verse developing needed areas
in during an more costly after-design phase. The cost savings in using specialist in the project
design phase verse the finished stages is a quantifiable factor that management can understand.
Physical Security
11
Chapter 10:
“2. In what situations would a protective force (guard) be used for entry control?
What impact could this have on the physical protection system, the cost, and so on? ”
(Garcia, 2008)
While many companies are attempting to cut costs by reducing the amount of physical
security presence with electronic means, the need for physical security still exists. Physical
security is still needed to control entry points, even with electronic entry control systems. The
goals of entry control drive the use of both electronic and physical guards for entry control
points. The goal of entry control is “1.)To permit only authorized person to enter and exit; 2.) To
detect and prevent the entry or exit of contraband material; and 3.) To provide information to
security personnel to facilitate assessment and response” (Garcia, 2008).
The use of guards for physical guards for entry control depends upon the level of
protection required for a defined asset. Physical guards have the advantage of being able to
detect and assess an event in split second timing. For example a guard at a vehicle entry control
point on a military installation can respond with immediate deadly force if a vehicle breaks
though the perimeter. In this situation, the delay to response time is faster than the delay to
response time when the event is detected via an unmanned sensor. This time difference can make
the difference between a terrorist being stopped and accomplishing the mission if explosives are
involved.
Physical Security
12
Guards are ideal in situations where entry control points have extra traffic that needs to
be accounted for. This could be at shift changes, during fire alarms, or evacuations (Garcia,
2008). They are also used for verifying personnel that are entering an area by using visual
identification. This includes using photo image badges, monitoring exchange badge systems, and
reviewing facial recognition software. Another prime example in which guard present a better
security that electronic is at big events. Events like the Michael Jackson funeral demonstrated an
event where electronic surveillance allows would not have been enough. Guards were needed for
the extra security when issuing tickets for the funeral review.
While guards are a valid security measure, they are also contribute to the being the
weakest link in a PPS. Human nature must be factored into the PPS equation. Security is only as
reliable as the weakest link. If an alarm console system is poorly designed, the effectiveness of
the operator’s ability to monitor and assess events is degraded (Garcia, 2008). Security guards
within the private sector receive minimal to no training, receive no benefits, and have little
vested in the company that they are hired to protect (Fischer, Halibozek, & Green, 2008). This
creates scenarios in which a guard may not look as hard at an identification badge, overlook an
event due to a distraction, or just not care. This puts the pressure on the PPS to compensate for
the guard in detecting, delaying, and responding to alarms. Automated systems are never the best
option. If a system is fully automated and it is bypassed, the system fails.
When considering the burden to a company’s security cost, guards are added expenses.
Expenses that must be factored include wages, training, sick call, vacation, liability, etc. Each
expenses factors into the overall security picture. If a company is not willing to accept and
address these expenses, the chances of an adversary bypassing detection devices increase. The
guard is the human factor that is both good and bad. On the good side, it has the ability to think
Physical Security
13
and react on the fly upon assessment of an alarm. On the bad side, human nature allows for such
activities as sleeping, daydreaming, and corruption. Overall, using guards at entry control points
increases the chances of detecting adversaries attempting to gain access. When used with
electronic surveillance system, the two complement each other to create strong PPS. In the era of
cost verse benefit, when the cost of losing an asset is reviewed, establishing extra security is a
highly prized asset.
“3. Why should portal doors, walls, and roof provide the same delay as the
perimeter or building walls in which they are installed?” (Garcia, 2008)
When designing the layout of a security system for a facility, each area must be surveyed
to refine the acceptable countermeasures that are needed to secure the area. The best way to look
at why doors, walls, and roofs should have the same delay as perimeters is by identifying each
element as a sub-system. By designing each sub-system independently and then collectively, the
chances for intrusion detection are increased (Garcia, 2008).
If one looks at each room as a perimeter, it helps the designer to think about security
design. We want to know at the earliest possible moment when a potential adversary enters the
area being monitored. If all the doors are on one system and walls are on another system for
example, all the adversary has to do is defeat one system and use that as the entry into the target
area. Also in alarm system design, if we tie each of the sub-systems together with some common
factors that are known about each element. True adversary detection can be accounted for. For
example, fire doors are typically alarmed and locked using magnetic locks that will disengage
with a single push per fire codes (Fennelly, 2004). This push will trigger an alarm to the security
alarm center that then assesses the event. In the case of a high security area, the operator may
Physical Security
14
control the time in which it takes to unlock the door due to security reasons. This same fire door
can also be opened in many cases by special keys or codes that will not trigger the alarms but it
does record the opening of the door. Where the subsystem comes into play is when the door is
triggered for a fire, a set time limit delay may be engaged to allow a person to access the next
exit door. If the time limit expires without the second door sensor being triggered, an alarm is
executed for validation. This is to alert security that the door may have been opened by an
adversary for movement verse exiting the building for a fire.
By placing all relative sub-system sensors in line with each other, acceptable time delay
can be set that will not trigger alarms. This would allow for such things as high winds blowing
the doors, hail hitting a rooftop entrance, or someone bumping into walls. When each system is
used together, bypassing the system becomes increasingly difficult because the adversary must
confront multiple sub-systems verse a single system.
This combining of sub-systems enable a perimeter countermeasure field within buildings.
When an office is compromised, the operator receives the alarm and brings up the layout of the
building on the monitor. As the operator start the assessment process, if another alarm in the
same vicinity is triggered, the chances of it being a nuisance alarm decrease.
Another aspect to consider is the establishment of different circuits that send data to the
control centers. By tying the same delays to multiple devices within the same area but on
different systems will ensure the signal get to the operator alarm console. By using two paths
with the same time delay, if one system is compromised, the data will still reach its destination
within the same allotted time (Garcia, 2008).
By establishing sub-systems that are independent and yet are integrated into a single
system, monitoring sensors can provide the critical data needed by the computer alarm analysis
Physical Security
15
systems that trigger the alarm on an operator’s console. By combining systems time delays,
normal delays are factored into the monitoring of the system and reduce nuisance alarms;
however, if the time delay is broken, the system interprets the information and immediately
sends it to the operators console for assessment and response.
“6. What problems would be created by a totally automated entry control system?”
(Garcia, 2008)
“Security implies a stable, relatively predictable environment in which an individual or
group may pursue its ends without disruption or harm and without fear of disturbance or injury”
(Fischer, Halibozek, & Green, 2008). By the very definition of security, it is all but impossible to
create a fully automated security system. This includes automated entry control systems.
Entry control systems are one of the first controls within a security system that controls
the access of authorized personnel and the prevention of unauthorized access. There are many
tools that can accomplish automated entry control. Tools that automate entry control can be
scanning devices that lock until the correct card is scanned, systems that detect the presence of
personnel in a controlled closed area, biometric scanners, and retina scanners.
Each of these tools has their benefits and weaknesses. Electronic scan card can be
duplicated or forged. Biometrics and retina can be defeated with Hollywood special effects
depending upon the strength of the system. A “dummy” can defeat an automated closed control
room by triggering safety protocols that automatically disengage the system in the event of an
emergency.
By relaying solely on automated entry control systems, the human factor is removed.
This is good and bad. The benefit is that these automated systems do not sleep, are rarely wrong,
Physical Security
16
and keep the entry control point secure. What it cannot due is determine that there is an influx of
personnel attempting to enter or exit the facility due to shift changes. They cannot determine that
the person is not an adversary because there is no secondary system in place to verify. They
cannot factor in if someone has a cold, lost a finger, or has a scratch on the retina form a stick.
Because automated systems are mechanical, they do malfunction. These malfunctions can be
costly (Fischer, Halibozek, & Green, 2008). A few years ago, there was a sorry about the
Chinese ambassador who as leaving a government meeting and encountered a malfunctioning
countermeasure entry control point. As his vehicle proceeded over the three foot instant pop-up
vehicle barriers, a sensor went off. Because the response of most vehicle barrier extractors is a
matter of seconds, his car was immediately met with a metal platform instantly rising three-feet
just under the middle of his car. The vehicle was flipped; however, no one was hurt but the
publicity was extremely harsh.
For security to work there must be a human factor. This complements an automated
system. Humans can detect a large number of people during shift change and adjust with
additional personnel for visual identification. Guards can also verify authorized personnel against
their badge system. They can react in the event of an emergency that occurs. Automated systems
cannot account for these types of events. In the event of a fire, automated systems cannot handle
the panic that normally ensues with the alarms going off. It doesn’t care and processes traffic at
the same pace. Non-automated systems can be turned off or regulated to account for these
events. If the single entrance to a facility is automated and it breaks, no one can get into the
facility until maintenance fixes the problem. This is money and time lost by the organization.
When I think of automated security, I think about the “Terminator” movie series. In that
era, organizations automated everything to include defense systems without human intervention.
Physical Security
17
The result was an automated system that logically deduced the human race was a danger to itself
as a species and needed to be destroyed. Automated entry control points are helpful in certain
circumstance; however, there should always be a system in place that complements the system in
the event of failure or event that is it not programmed to process.
Physical Security
18
References
Fennelly, L. J. (2004). Effective Physical Secuirty (3rd ed.). Burlington, MA: Elsevier
Butterworth-Heinemann.
Fischer, R. J., Halibozek, E., & Green, G. (2008). Introduction to Security (8th ed.). Burlington,
MA: Elsevier Butterworth-Heinemann.
Garcia, M. L. (2008). The Design and Evaluation of Physical Protection Systems (2nd ed.).
Burlington. MA: Elsevier Butterworth-Heinemann.
Download