Countering a Calamity

Technology advances CFATS requirements

• By Mariann McDonagh
• Apr 01, 2009

In today’s world, any manufacturing or critical infrastructure facility is at risk of a terrorist attack. Critical infrastructure facilities, including energy generation plants, water treatment centers, communications networks, and food and agricultural manufacturing plants, face a higher probability of attack due to their potential for catastrophic disaster. In particular, facilities that use potentially volatile chemical substances as part of their normal operation are often seen as higher-risk targets.

Realizing that chemical facilities face an increased risk of terrorist attack, in April 2007, the Department of Homeland Security enacted the Chemical Facilities Anti- Terrorism Standards regulation. CFATS sets forth a series of requirements that high-risk chemical facilities must meet. Facilities required to comply with the CFATS regulation include chemical manufacturing, storage, distribution, energy and utilities, agriculture and food, paints and coatings, explosives, mining, electronics, plastics and healthcare.

Risk-Based Performance

Performance standards are often used to establish common requirements to measure and verify levels of compliance. However, performance standards do not typically mandate a precise method for achieving the required results.

The CFATS regulation establishes 18 risk-based performance standards that each facility must meet to remain in compliance. The RBPS cover perimeter security, access control, personnel safety and cyber security. The standards are structured in a way that allows each chemical facility to customize its security solutions to meet the demands of its unique environment, as long as they achieve the requisite level of performance in each applicable area.

To comply with CFATS, each facility must conduct a vulnerability assessment and develop a plan to bring security policies, procedures and technologies in line with the RBPS.

Perimeter Security Requirements

Consider the first four RBPS, which establish requirements related to the perimeter security and monitoring of a chemical facility.

Restrict area perimeter. Secure and monitor the perimeter of the facility.
Secure site assets. Secure and monitor restricted areas or potentially critical targets within the facility.
Screen and control access. Control access to the facility and to restricted areas within the facility, and screen and inspect individuals and vehicles as they enter.
Deter, detect and delay. Take steps to create sufficient time between detection of an attack and the point at which the attack becomes a success.

The complexity of these facilities often makes them the most challenging to secure. Water treatment and distribution systems, energy production facilities and manufacturing plants often encompass multiple buildings and are encircled by widespread, geographic perimeters that are difficult to monitor efficiently.

Perimeters are the outermost expanse of a security network and often consist of harsh outdoor environmental conditions. The remote and punishing nature of perimeter security means that technologies used to monitor these areas must be tested, versatile andwell-suited for the task at hand.

To overcome these challenges, while meeting the perimeter security requirements outlined in CFATS, a perimeter security solution involving multiple protective measures, providing a layered approach to security, is required.

Monitoring, Analytics and Detectors

Many commercially available security technologies can be integrated to create a layered perimeter security solution. Perhaps no combination is more effective than the layering of video surveillance monitoring, video analytics software and passive infrared detectors.

Video monitoring enhances situational awareness in an environment with geographically distributed facilities and wide-area perimeters. Video monitoring networks replace the need to have security personnel patrol the perimeter. Whether it’s a legacy CCTV network or a cutting-edge IP video surveillance solution, the perimeter visibility provided by a video monitoring solution is critical for CFATS compliance.

Video analytics software can be deployed across a pre-existing CCTV video surveillance network or easily integrated with an IP video system, making it versatile and cost effective. The software automatically identifies suspicious behaviors along a security perimeter, before they escalate. Video analytics software is capable of establishing tripwires or virtual perimeters for real-time object detection, identification and classification. This functionality significantly increases the effectiveness of passive video monitoring systems and allows for a faster reaction time as specified in RBPS 4.

Working alongside video monitoring and video analytics solutions is another key perimeter security technology called passive infrared detection. A PIR detector measures infrared light radiating from objects in its field of view. PIR detectors accurately identify motion when an infrared source with one temperature, such as a human, passes in front of an infrared source with another temperature, such as a security fence or building.

Designed for outdoor applications, such as perimeter and area protection, PIR detectors are easy to deploy, known for trouble-free operation and relatively immune to issues stemming from environmental conditions and metal reflectivity. They require a low-power source and offer medium- to long-range linear coverage, as well as directional detection capabilities. These sensors are optimized to improve detection probability, thereby reducing expensive false alarms. These detectors also typically include diagnostic software, allowing for remote testing and easy configuration.

The true potential of a layered perimeter security solution is realized when these technologies work in concert. The field of view of a PIR detector is typically narrow but can extend for long distances along the entire length of a linear perimeter. In contrast, the field of view of a video camera can be quite wide, especially if it is equipped with PTZ functionality.

When video analytics is applied to the camera, it becomes intelligent rather than just a passive monitoring tool. With these two devices actively monitoring the perimeter, there is little chance for a potential threat to go undetected. However, in order to register an alarm, both the PIR detector and the video analytics software must register that a perimeter has been, or is about to be, breached.

Centralized Monitoring

To achieve the enhanced command and control over perimeter security required by CFATS, a centralized, event-based monitoring station must be established. A centralized monitoring station combines the camera feeds, the sophisticated video analytics data and PIR detector alarms to provide real-time actionable intelligence. From a centralized location, security administrators keep track of activity across expansive perimeters to significantly improve the effectiveness of security personnel. Centralized monitoring provides complete control over the video monitoring and analytics systems and allows for two-way audio capabilities.

In addition, from a centralized monitoring station, security personnel can control local relay outputs to open gates, activate lighting and more. Information from automated health-check features on the more robust perimeter surveillance solutions can be transmitted to a centralized monitoring station to produce reports on critical device failures, eliminating the risk of a breach due to a malfunctioning system. Centralized monitoring tools also can integrate with access control and alarm systems to provide centralized password management and report on unauthorized access attempts based on user-defined rules.

Perimeter Protection

Recently, Xtralis has been working to deploy a layered security solution for a large municipal water treatment facility. The perimeter includes the treatment facility and the large expansive reservoir from which the city gets its water supply.

The reservoir is remote, wooded and populated with local wildlife, making it hard to determine whether an animal or human triggered a motion sensor. After conducting a lengthy and careful analysis, it was determined that a layered perimeter security solution was the most viable option for accurately monitoring the reservoir and treatment facility while minimizing false alarms.

PIR detectors were deployed along the reservoir in combination with a network of strategically placed CCTV cameras. Security officials used the detectors to identify motion along the miles of unmanned perimeter and set up tolerances using video analytics to differentiate between a human and wildlife.

A more concentrated network of cameras and infrared sensors was deployed around the perimeter of the water treatment facility to monitor incoming and outgoing vehicles, personnel and activity.

All the camera feeds, infrared sensor data and alarms were transmitted to a centralized monitoring station located within the water treatment facility. Here, video feeds and video analytics data are displayed on a large video wall using management software that ties all the devices together. When a threat is identified, centralized monitoring personnel alert patrol officers in the vicinity to investigate. This system of layered technologies keeps the entire water supply safe from potential terrorist threats.

As the potential for terrorist attacks remains, the implementation of CFATS RBPS requirements will be an increased focus in 2009. The best guarantee for meeting the stringent perimeter security compliance demands set forth by CFATS is a multilayered approach combining several technologies. To ensure success, facilities subject to CFATS regulations should select a vendor that has proven technology and a solid base of similar implementations.

This article originally appeared in the issue of .