A Growing Threat

Critical infrastructures look to ID cards for enhanced protection

n the United States, people encounter a perpetual tradeoff between freedom and security. The nation depends on a complex system of critical infrastructures to maintain a high quality of life and the freedoms enjoyed every day. New threats to security have these organizations taking a second look at their vulnerabilities, however, scrambling to minimize disruption and to maintain the integrity of their operations.

In the past, national security was perceived as the role of government. Today, Department of Homeland Security efforts to protect critical infrastructures from physical attack are a shared responsibility of the public and private sectors, as well as individual citizens.

Prime Targets
Critical infrastructures are generally prepared for natural disasters, which are often predictable days in advance. Terrorist attacks, however, are new and immediate, requiring a different mindset and different levels of preparedness. With proper design, management and operation, organizations can reduce their risks, often without significant investment.

The National Strategy for the Physical Protection of Critical Infrastructures and Key Assets report, published by the Bush administration in 2003, identifies the industry segments and key assets that would disrupt the safety, security or economy of the United States if compromised. They include agriculture and food, water, public health, emergency services, the defense industrial base, telecommunications, energy, transportation, banking and finance, chemicals and hazardous materials, postal and shipping, national monuments and icons, nuclear power plants, dams, government facilities and commercial key assets.

These industry segments are being encouraged by the government to adopt security plans. Some already have a base level of security, but others are just beginning. DHS introduced the national infrastructure protection plan in 2006 to provide structure between public sector and private industry initiatives, but because there are no standards for most utilities, each must determine for itself an effective security program.

Broad Security Solutions
In the past, security meant a combination of guards, guns and gates. Today, organizations seek the broadest possible solution to integrate all elements of an operation, from access control to logical security. In many cases, this starts with a simple ID card.

Access control is often the main reason utilities and critical infrastructures introduce ID card systems. The Wisconsin State Laboratory of Hygiene, a public health and environmental laboratory, performs bioterrorism testing of materials such as anthrax. Prior to Sept. 11, 2001, anyone could enter the building, located in the middle of the University of Wisconsin campus. Now, anyone who needs access to the lab must show an authorized ID card. Ensuring that only legitimate cardholders have access to protected areas enables all employees to enjoy greater freedom.

Transportation is another area that plays a vital role in the U.S. infrastructure, and it was designed to be open and accessible. However, an upset here can cause a ripple effect felt nationwide, so after 9/11, it was the first area to receive increased attention. The FAA required every airport in the United States to revalidate identification cards for all employees, ensuring all of the ID cards used at airports were active and up to date. For Los Angeles International Airport, which saw 67 million passengers that year, this meant creating 44,300 new badges, which were produced in-house by two employees with Fargo Professional series card printers.

Today, the focus has shifted to ports. TWIC is being phased in at 12 high-risk ports throughout the country, starting with enrollment in October at the Port of Wilmington, Del. TWIC cards are tamperresistant biometric credentials for as many as 750,000 employees who need unescorted access to ports and vessels.

DHS set aside $400 million to help fund port security initiatives, including money for the ID cards. While a good start, this ID card is basically a photo ID, indicating that a person has passed a background check. What’s missing is any integration with systems at the port facilities themselves, many of which are operated independently. Most ports are vast and sprawling with multiple access points.

Many have railroads running throughout, adding yet another layer of vulnerability. Many transportation companies operate under tight budgets. For example, Metro Transit, a unit of Minneapolis/St. Paul’s Metropolitan Council, considered cost effectiveness when it bought a printer to produce its ID cards. Bringing inside the production of its 20,000 yearly Metropass cards for bus and light rail transit improved the security of the cards and saved the organization money.

Adding Logical Security
Preventing unwanted and unauthorized entry to buildings and grounds is a primary objective of critical infrastructure security systems, but these organizations also need to protect their internal networks. The growth of the Internet and advances in wireless technology have increased the power, and the vulnerability, of computer networks and IT architectures, leaving data and infrastructures at risk. Today, employees and customers have the necessary tools to damage computer systems or steal individual identities around the clock and from virtually any location. Traditional password systems, which can be stolen, copied or forgotten, are being replaced with sophisticated authentication systems, many of which start with an ID card.

While critical infrastructures have yet to adopt ID cards widely for network security, the trend is moving in this direction. ID cards, especially those with smart card technology, can provide single-use access or administrative control, which is especially appealing to critical infrastructures with expansive facilities or complex IT systems.

Security and privacy often go hand in hand, especially in the healthcare marketplace. HIPAA encourages healthcare facilities to implement electronic systems and mandates that these systems guarantee privacy and security of patient information. As a result, more healthcare organizations are using smart cards, proximity cards and biometrics to secure their computer networks.

The Right Technology
Organizations today can choose from a wide range of ID card technology to fit their security needs, from visual ID cards to those with embedded biometrics. Most choose something in the middle.

Magnetic stripes and bar codes are inexpensive methods of encoding text onto a card and collecting critical data. Magnetic stripes contain digital data, such as access privileges, employment history or background information, that is transferred onto the card by special encoders. A reader translates the data for computer processing, and bar codes provide access to more complete information in a secondary database.

Smart cards use internal microprocessors or memory chips with non-programmable logic to manipulate information—much like a miniature computer. This enables organizations to incorporate multiple applications and functions into one smart card, thus justifying the slightly higher cost.

Many critical infrastructures still have a low level of perceived threat and thus have not adopted the robust security offered by smart cards. They could learn a lesson from how schools have maximized the benefits of these cards, often combining multiple functions onto one card. Students at the 3,200- student Everglades High School in Florida, for example, have been using ID cards for school identification for about 12 years. Four years ago, the staff added a smart chip to its cards, enabling debit card privileges in vending machines, the media center and at a number of other student activities. EHS students can even purchase yearbooks and prom tickets with their ID cards. The goal is to become a cashless campus.

At one New York high school, substitute teachers must carry a smart card containing a microprocessor chip embedded with their Social Security number and certain encrypted security codes. The smart card program is tied into the criminal justice system, providing immediate confirmation of criminal violations. Special attention is paid to individuals with a criminal history.

Critical infrastructures that want to take security programs to another level can add holographic solutions to their ID cards to prevent them from being counterfeited. Options range from economical foilstamped holographic seals to custom holographic overlaminates with hidden micro text, sophisticated flip images that appear to be animated or pseudo color that changes when the card is tilted.

Biometrics represents the ultimate in authentication and, as a result, can be the most expensive addition to ID cards. Iris scans and palm prints are powerful security tools. In a few years, this technology will be more commonplace, but for now, it is used primarily by critical infrastructures threatened by the greatest amount of disruption if attacked. For example, the Department of Defense is matching biometric data stored on its 4 million common access cards with a live image from a biometric sensor.

Responding to Disasters
Critical infrastructures are sometimes better at responding to disaster than preparing for it, and ID cards are an important part of a disaster management program. Following Hurricane Katrina, ID cards were used to credential evacuees and provide them with some form of personal identification, which also helped the Salvation Army maintain security in the temporary shelters. Evacuees also were able to receive their Social Security payments and cash checks.

Often during a disaster, first responders from federal, state and local agencies work together in a single command structure to credential people quickly and authorize access to certain areas. The need for a clear and constant tracking system is critical. The first responder authentication cards, compliant with HSPD-12 and FIPS 201, identify first responders at the scene of an incident, enabling them to move in and out of secured areas. The cards allow physical access into buildings, logical access to networks, incident command and control, and property and firearms accountability.

Preparing for the Unthinkable
Applications exist today for in-house production of ID cards that fit almost any budget. Funding also is available to help offset costs. Having a localized system gives organizations the flexibility needed to create an ID system that is relevant to their facility.

People want to know that critical infrastructures are taking every precaution to preserve the safety and continued operation of this nation. Visible ID cards provide small but tangible assurance.

Featured

  • Gaining a Competitive Edge

    Ask most companies about their future technology plans and the answers will most likely include AI. Then ask how they plan to deploy it, and that is where the responses may start to vary. Every company has unique surveillance requirements that are based on market focus, scale, scope, risk tolerance, geographic area and, of course, budget. Those factors all play a role in deciding how to configure a surveillance system, and how to effectively implement technologies like AI. Read Now

  • 6 Ways Security Awareness Training Empowers Human Risk Management

    Organizations are realizing that their greatest vulnerability often comes from within – their own people. Human error remains a significant factor in cybersecurity breaches, making it imperative for organizations to address human risk effectively. As a result, security awareness training (SAT) has emerged as a cornerstone in this endeavor because it offers a multifaceted approach to managing human risk. Read Now

  • The Stage is Set

    The security industry spans the entire globe, with manufacturers, developers and suppliers on every continent (well, almost—sorry, Antarctica). That means when regulations pop up in one area, they often have a ripple effect that impacts the entire supply chain. Recent data privacy regulations like GDPR in Europe and CPRA in California made waves when they first went into effect, forcing businesses to change the way they approach data collection and storage to continue operating in those markets. Even highly specific regulations like the U.S.’s National Defense Authorization Act (NDAA) can have international reverberations – and this growing volume of legislation has continued to affect global supply chains in a variety of different ways. Read Now

  • Access Control Technology

    As we move swiftly toward the end of 2024, the security industry is looking at the trends in play, what might be on the horizon, and how they will impact business opportunities and projections. Read Now

Featured Cybersecurity

Webinars

New Products

  • Automatic Systems V07

    Automatic Systems V07

    Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file. 3

  • Compact IP Video Intercom

    Viking’s X-205 Series of intercoms provide HD IP video and two-way voice communication - all wrapped up in an attractive compact chassis. 3

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure. 3