Running head: A BIZARRE APPLICATION OF APA
advertisement
Physical Security Running head: Physical Security Physical Security Week 5 Assignment Michael R. Vest Paul Baker Physical Security SMGT 315 September 19, 2009 1 Physical Security Abstract We examine six questions that examine the reasons for using a supervised alarm communications link; identify the information needed by console operators when alarms are activated; identify project design team members; situations in which guards would be used for entry control; reason why portal doors, walls, and roof alarms should have the same delay; and problems created by a totally automated entry system. 2 Physical Security 3 Physical Security Week 4 Assignment Chapter 9: “3. What are the reasons for using a supervised alarm communication link?” (Garcia, 2008) When looking at an alarm communication and display system, the communications system is the backbone. A business can have the most sophisticated sensors installed; but if the signal from an activated sensor never makes it to the security operator console, the system is worthless. Alarm communications and display systems rely on two critical elements to be successful. The elements are “the transportation or communication of data” and “the presentation or display of that data to a human operator in a meaningful manner” (Garcia, 2008). Because of the complexity of today’s security systems, supervision of the communications system is needed. “Supervisory systems are used to monitor the communication link to ensure that it is operating correctly and that data has not been altered during transmission” (Garcia, 2008). This system can be either static or dynamic in nature. When the system operates in static mode, the signal is always there. It never changes. While this allows easy monitoring of the sensor to operator console communications, it is easily bypassed by an adversary. Dynamic supervisory systems operate on the premise of a variable and rotating signal that is cycled every so often and monitored. These systems are relatively difficult to circumvent for an adversary. Dynamic systems tend to use encryption sub-systems that must be key controlled and have a higher bandwidth requirement than static systems. Dynamic systems are also susceptible to sophisticated attacks by adversaries (Garcia, 2008). When selecting a supervisory system, the designer must also be familiar with many computer and network based protocols to enable a secure systems that allows for monitoring. Physical Security 4 Many of today’s security systems are tied to a localized network that enables the signals from the sensors to be transmitted to the control console for interpretation. Because many systems use computer and networking, knowing the three primary network layers that are used by networking systems is critical. The three layers that are used within a computer based alarm monitoring systems are the physical, data link, and network layer of the seven-layer Open Source Interconnection (OSI) network design (Garcia, 2008). The physical layer deals with the electrical signals that are generated via the sensor device. At the physical layer is where protocols are selected. The actual media that will be transmitted is also selected at this layer. Examples of media are twisted-pair, coaxial cable, and fiber-cable. Each has their own strengths and weaknesses. For the most secure media conduit, fiber-optic cable is best used. Not only does it have the potential for long cable runs (up to 12 miles), it is also extremely hard to compromise and most intrusions are easily detected (Garcia, 2008). One protocol that is standardizing the industry current is the IPv6 protocol. Many devices are now coming standard with support for this protocol in networking devices. Because security systems need accurate data, the data link layer is used. The data link layer is used to enable protocols to error-check the data that is being transmitted via the physical layer. Error-checking only works if the protocol supports the feature. Alarm systems should use protocols that allow error-checking when using centralized computer control centers. This layer is used to notify the next higher-level that something is wrong at the lower levels. The protocols that included error-checking are more reliable than protocols that do not error-check. Even though the data link layer provides the error-checking, reliability in communications routing is required. This is done at the network layer. Physical Security 5 The network layer is responsible for the routing and controlling of network traffic. This layer allows the communications data to have redundancy and reliability. This layer also monitors the electronic message for duplicate messages and guarantees that messages will arrive to its destination. The network layer is critical in providing information to the central alarm console so that the operator receives the indication on the console. Since communication is extremely important for an alarm system, the network itself should be monitored for problems in the routes from the sensors to the console. There are several system monitoring tools that can be used to aid the security personnel with monitoring of the system and its communications. Tools that are used to monitor the communications path include HP OpenView and CisoWorks. Both of the programs display an overall picture of the network and allow the viewer to isolate problems down to the individual piece of equipment that is being monitored. All security systems can be defeated (Fennelly, 2004). To rely on a single non-redundant system is foolish. With the advent of cheap high-speed bandwidth and advanced sensors that can be incorporated onto live networks for communication, a security designer must not only be aware of sensor strengths and weaknesses; he must be familiar with network infrastructure and how it incorporated within the alarm system design. “5. What information does the console operator need when an alarm occurs?” (Garcia, 2008) Because of the potential information, that computer systems can retrieve, information overload is experienced. Research shows that humans only have about a thirty minute to sixty minute attention span when looking for unusual events (Garcia, 2008). By injecting mass Physical Security 6 amounts of data for an observer to process, the observer can suffer from a condition called “information overload”. This overloading of the observer will cause even the most sophisticated systems to fail (Garcia, 2008). By letting computers receive inputs from all sensors and crossreferencing those inputs against databases and condition tables, observers can be shown only the most critical information for assessment. There are three primary bits of information that operators need to be able to respond to the actions indicated by an alarm console. This information is “1.) Where and alarm has occurred, 2.) What or who caused the alarm, and 3.) When the alarm happened (Garcia, 2008), everything else is irrelevant. By designing a systems that only renders that appropriate information to the center console, the chances for correct assessment is enhanced. There are many tools that allow the operator to process this information in a timely manner. Some of the tools include CCTVs, map overlays with sensor positions, and intelligent alarm analysis systems. CCTVs can be tied in with the sensor array and be set to automatically start recording when an alarm is triggered. In the event of an alarm, the observer can switch to the area monitor and review for what caused the alarm. By tying the camera to the alarm, this is one less operation the operator must do to verify the alarm. This reduces the assessment and response times that are needed for effective PPS. Building and area maps that have the sensor identified and tied to the indicator light system allows for the observer to target their area of assessment. If sensors are activated within certain time limits and down a certain path, this has a high potential of indicating an adversary attack verse false alarms. Maps also help a new observer be able to direct the response teams to intercept an adversary that has been detected. Physical Security 7 One new areas of security alarm processing in intelligent alarm analysis. This new technology focuses on applying alarm processing and fusion tchniques to provide better information to the alarm operator. This system incorporates device trend analysis that is used by the system to determined if an alarm needs to be triggered. This allows for the reduction of nuisance alarms, system NARs, and allows for such statistics as Mean Time Failure Rates or MTFR (Garcia, 2008). Other information that operators needs to know when an alarm occurs is reference numbers to key facility control personnel. Maintenance and computer personnel are two numbers that all operators should have on hand. This allows for the operator to pass information to these areas if the sensor needs maintenance or if a potential communications error is occuring. By allowing other areas to focus on moitoring their parts of the security system, the operator can concentrate on the main job of detecting, delay, and directing response teams to all alarms as requried. “7. Who should be on the project design team at your facility?” (Garcia, 2008) Many times, design flaws are discovered after a system has been designed. These design flaws are more time more expensive to implement after the fact. Design flaws in security alarm systems can be extremely costly. This is because of the amount of time to resurvey the requirement, securing the contractors, and making the system available for the required downtime to install, maintain, and test the fixes. The best solution is to bring in the area specialist in at the head of any project. Project teams for security should contain key members that have systems that will be combined with the security system to make it fully functional. Some of the key members to Physical Security 8 include on a security project include Chief Security Officers (CSO), safety representatives, network engineers, maintenance supervisors, and ergonomics specialist. The CSO is normally in charge of the security for the entire facility. They usually report to the board members or owner of the facility. His responsibility is to ensure all aspects of security are covered. He is the key person for a system designer to contact during the initial site surveys (Fischer, Halibozek, & Green, 2008). He will be able to secure tours, obtain blueprints, and have a working knowledge of local threats and their tactics. Security and safety need to work together to accomplish the goal of security. The responsibilities of the CSO and safety representatives are ruled by different factors. Some factors include regulations, ease of convenience, and mission requirements (Fischer, Halibozek, & Green, 2008). Because of these factors, the goal of security and safety commonly conflict with each other when designing security systems. While the CSO tries to secure the facility by using countermeasures, safety representatives need to ensure security does not violate safety. Where a security specialist would want to use electromagnetic locks on deadbolts on an exit door, safety regulation dictate that doors must be able to be open in one fluid movement in the event of a fire (Fennelly, 2004). Along with security and safety concerns, alarm systems today are using complicated networking equipment to establish communication between the sensor and alarm consoles. Network engineers are the experts on setting up communication infrastructure that provides for fast reliable serve while providing tools for redundancy and backup. Alarm systems have advanced and are using some of the very same designs that network engineers use to set up established networks. Alarm topologies such as star, bus, and point-to-point have their basis from the computer network area (Garcia, 2008). As alarms are designed to integrate with computer Physical Security 9 networks for processing of sensor information by advanced computer control centers, having a person that understands route design is essential. The engineer can help design the best type of infrastructure for the security system and alarm sensors that allow for redundancy, reliability, and backup. By using networks, security systems can utilizes the security features that protect networks to protect the vital communication link between the sensor devices and the master console. By using protocols that allow for error-checking and flow-control, alarm systems are harder to bypass and intrusions are more likely to be detected by the system. Media such a fiber optics, even though expensive, allows for high security and reliable movement of data over long distances (Garcia, 2008). Network engineers, using programs such as HP OpenView and CiscoWorks, can monitor the security network as a whole and yet still have the ability to transverse to a single device that is indicating an alarm and identify what is causing the alarm and react. By monitoring the routes that the communications between sensors and master control consoles transverse, advanced adversaries can be detected in an attempt is made to bypass security systems through the network. Tools that allow for these protections include firewalls, port security, and routing protection like split-horizon. Maintenance supervisors need to be included on projects. This is so that design layout can accommodate the maintenance requirements of the company. Problems maintenance must deal with include small space design, types of equipment required for maintenance, and scheduling times for working on the system. Because of the danger from inside adversaries, maintenance access to secure areas must be accounted for in security design. This is to prevent potential nuisance alarms and also to establish who has authority over the areas that are affected by security and maintenance. Maintenance supervisors can also identify such things as chemicals and materials used in cleaning and repairing other items that are not related to security. This is Physical Security 10 important to know when selecting sensors. Imagine the nightmare in troubleshooting a nuisance alarm on a sensor that goes off every time the maintenance person sprays furniture cleaner next to an infrared sensor. If no one knows about the chemical, then countermeasure cannot be put into place for the furniture spray. One forgotten member of many project teams is an ergonomics specialist. These designers look at the human factor when designing system layouts. The purpose of ergonomic is to ensure the human body is comfortable so that the required task can be completed without causing fatigue or injury. When designing a security operator’s console, these specialists are essential. A poorly designed alarm console can degrade the systems performance (Garcia, 2008). Items that ergonomic specialist look at are video monitor height, alarm response button location, and panoramic console design. Video monitors should be at viewers eye-level (Garcia, 2008). Primary viewing systems and buttons should be within eye view without requiring the operator to move the eyes or head to interact with the system. As the importance of the systems decrease, they should spread out from this center point. Typically using a 30 degree spread for secondary locations works well when designing a console (Garcia, 2008). By using an ergonomic specialist, the observer is better adept at completing their job verse looking for locations of associated systems. These are just some of the people that need to be on project management teams. Each project is different and different experts are needed for each project. The personnel listed above should be on every project team. By using specialist in areas that are needed during a project, designing an effective system during the design phase can occur verse developing needed areas in during an more costly after-design phase. The cost savings in using specialist in the project design phase verse the finished stages is a quantifiable factor that management can understand. Physical Security 11 Chapter 10: “2. In what situations would a protective force (guard) be used for entry control? What impact could this have on the physical protection system, the cost, and so on? ” (Garcia, 2008) While many companies are attempting to cut costs by reducing the amount of physical security presence with electronic means, the need for physical security still exists. Physical security is still needed to control entry points, even with electronic entry control systems. The goals of entry control drive the use of both electronic and physical guards for entry control points. The goal of entry control is “1.)To permit only authorized person to enter and exit; 2.) To detect and prevent the entry or exit of contraband material; and 3.) To provide information to security personnel to facilitate assessment and response” (Garcia, 2008). The use of guards for physical guards for entry control depends upon the level of protection required for a defined asset. Physical guards have the advantage of being able to detect and assess an event in split second timing. For example a guard at a vehicle entry control point on a military installation can respond with immediate deadly force if a vehicle breaks though the perimeter. In this situation, the delay to response time is faster than the delay to response time when the event is detected via an unmanned sensor. This time difference can make the difference between a terrorist being stopped and accomplishing the mission if explosives are involved. Physical Security 12 Guards are ideal in situations where entry control points have extra traffic that needs to be accounted for. This could be at shift changes, during fire alarms, or evacuations (Garcia, 2008). They are also used for verifying personnel that are entering an area by using visual identification. This includes using photo image badges, monitoring exchange badge systems, and reviewing facial recognition software. Another prime example in which guard present a better security that electronic is at big events. Events like the Michael Jackson funeral demonstrated an event where electronic surveillance allows would not have been enough. Guards were needed for the extra security when issuing tickets for the funeral review. While guards are a valid security measure, they are also contribute to the being the weakest link in a PPS. Human nature must be factored into the PPS equation. Security is only as reliable as the weakest link. If an alarm console system is poorly designed, the effectiveness of the operator’s ability to monitor and assess events is degraded (Garcia, 2008). Security guards within the private sector receive minimal to no training, receive no benefits, and have little vested in the company that they are hired to protect (Fischer, Halibozek, & Green, 2008). This creates scenarios in which a guard may not look as hard at an identification badge, overlook an event due to a distraction, or just not care. This puts the pressure on the PPS to compensate for the guard in detecting, delaying, and responding to alarms. Automated systems are never the best option. If a system is fully automated and it is bypassed, the system fails. When considering the burden to a company’s security cost, guards are added expenses. Expenses that must be factored include wages, training, sick call, vacation, liability, etc. Each expenses factors into the overall security picture. If a company is not willing to accept and address these expenses, the chances of an adversary bypassing detection devices increase. The guard is the human factor that is both good and bad. On the good side, it has the ability to think Physical Security 13 and react on the fly upon assessment of an alarm. On the bad side, human nature allows for such activities as sleeping, daydreaming, and corruption. Overall, using guards at entry control points increases the chances of detecting adversaries attempting to gain access. When used with electronic surveillance system, the two complement each other to create strong PPS. In the era of cost verse benefit, when the cost of losing an asset is reviewed, establishing extra security is a highly prized asset. “3. Why should portal doors, walls, and roof provide the same delay as the perimeter or building walls in which they are installed?” (Garcia, 2008) When designing the layout of a security system for a facility, each area must be surveyed to refine the acceptable countermeasures that are needed to secure the area. The best way to look at why doors, walls, and roofs should have the same delay as perimeters is by identifying each element as a sub-system. By designing each sub-system independently and then collectively, the chances for intrusion detection are increased (Garcia, 2008). If one looks at each room as a perimeter, it helps the designer to think about security design. We want to know at the earliest possible moment when a potential adversary enters the area being monitored. If all the doors are on one system and walls are on another system for example, all the adversary has to do is defeat one system and use that as the entry into the target area. Also in alarm system design, if we tie each of the sub-systems together with some common factors that are known about each element. True adversary detection can be accounted for. For example, fire doors are typically alarmed and locked using magnetic locks that will disengage with a single push per fire codes (Fennelly, 2004). This push will trigger an alarm to the security alarm center that then assesses the event. In the case of a high security area, the operator may Physical Security 14 control the time in which it takes to unlock the door due to security reasons. This same fire door can also be opened in many cases by special keys or codes that will not trigger the alarms but it does record the opening of the door. Where the subsystem comes into play is when the door is triggered for a fire, a set time limit delay may be engaged to allow a person to access the next exit door. If the time limit expires without the second door sensor being triggered, an alarm is executed for validation. This is to alert security that the door may have been opened by an adversary for movement verse exiting the building for a fire. By placing all relative sub-system sensors in line with each other, acceptable time delay can be set that will not trigger alarms. This would allow for such things as high winds blowing the doors, hail hitting a rooftop entrance, or someone bumping into walls. When each system is used together, bypassing the system becomes increasingly difficult because the adversary must confront multiple sub-systems verse a single system. This combining of sub-systems enable a perimeter countermeasure field within buildings. When an office is compromised, the operator receives the alarm and brings up the layout of the building on the monitor. As the operator start the assessment process, if another alarm in the same vicinity is triggered, the chances of it being a nuisance alarm decrease. Another aspect to consider is the establishment of different circuits that send data to the control centers. By tying the same delays to multiple devices within the same area but on different systems will ensure the signal get to the operator alarm console. By using two paths with the same time delay, if one system is compromised, the data will still reach its destination within the same allotted time (Garcia, 2008). By establishing sub-systems that are independent and yet are integrated into a single system, monitoring sensors can provide the critical data needed by the computer alarm analysis Physical Security 15 systems that trigger the alarm on an operator’s console. By combining systems time delays, normal delays are factored into the monitoring of the system and reduce nuisance alarms; however, if the time delay is broken, the system interprets the information and immediately sends it to the operators console for assessment and response. “6. What problems would be created by a totally automated entry control system?” (Garcia, 2008) “Security implies a stable, relatively predictable environment in which an individual or group may pursue its ends without disruption or harm and without fear of disturbance or injury” (Fischer, Halibozek, & Green, 2008). By the very definition of security, it is all but impossible to create a fully automated security system. This includes automated entry control systems. Entry control systems are one of the first controls within a security system that controls the access of authorized personnel and the prevention of unauthorized access. There are many tools that can accomplish automated entry control. Tools that automate entry control can be scanning devices that lock until the correct card is scanned, systems that detect the presence of personnel in a controlled closed area, biometric scanners, and retina scanners. Each of these tools has their benefits and weaknesses. Electronic scan card can be duplicated or forged. Biometrics and retina can be defeated with Hollywood special effects depending upon the strength of the system. A “dummy” can defeat an automated closed control room by triggering safety protocols that automatically disengage the system in the event of an emergency. By relaying solely on automated entry control systems, the human factor is removed. This is good and bad. The benefit is that these automated systems do not sleep, are rarely wrong, Physical Security 16 and keep the entry control point secure. What it cannot due is determine that there is an influx of personnel attempting to enter or exit the facility due to shift changes. They cannot determine that the person is not an adversary because there is no secondary system in place to verify. They cannot factor in if someone has a cold, lost a finger, or has a scratch on the retina form a stick. Because automated systems are mechanical, they do malfunction. These malfunctions can be costly (Fischer, Halibozek, & Green, 2008). A few years ago, there was a sorry about the Chinese ambassador who as leaving a government meeting and encountered a malfunctioning countermeasure entry control point. As his vehicle proceeded over the three foot instant pop-up vehicle barriers, a sensor went off. Because the response of most vehicle barrier extractors is a matter of seconds, his car was immediately met with a metal platform instantly rising three-feet just under the middle of his car. The vehicle was flipped; however, no one was hurt but the publicity was extremely harsh. For security to work there must be a human factor. This complements an automated system. Humans can detect a large number of people during shift change and adjust with additional personnel for visual identification. Guards can also verify authorized personnel against their badge system. They can react in the event of an emergency that occurs. Automated systems cannot account for these types of events. In the event of a fire, automated systems cannot handle the panic that normally ensues with the alarms going off. It doesn’t care and processes traffic at the same pace. Non-automated systems can be turned off or regulated to account for these events. If the single entrance to a facility is automated and it breaks, no one can get into the facility until maintenance fixes the problem. This is money and time lost by the organization. When I think of automated security, I think about the “Terminator” movie series. In that era, organizations automated everything to include defense systems without human intervention. Physical Security 17 The result was an automated system that logically deduced the human race was a danger to itself as a species and needed to be destroyed. Automated entry control points are helpful in certain circumstance; however, there should always be a system in place that complements the system in the event of failure or event that is it not programmed to process. Physical Security 18 References Fennelly, L. J. (2004). Effective Physical Secuirty (3rd ed.). Burlington, MA: Elsevier Butterworth-Heinemann. Fischer, R. J., Halibozek, E., & Green, G. (2008). Introduction to Security (8th ed.). Burlington, MA: Elsevier Butterworth-Heinemann. Garcia, M. L. (2008). The Design and Evaluation of Physical Protection Systems (2nd ed.). Burlington. MA: Elsevier Butterworth-Heinemann.
