Dissecting The Layers

Different product offerings meet various security requirements

When people talk about layered physical security, they often think it involves having more than one security device at a particular point on their property. A good way to visualize security layers is to break down what can be considered the different layers of a building’s perimeter from the outside in—beginning at the property line, then to the entrance of a building, and ending at the interior doorway. For each layer, there are different product options as well as varying requirements that security leaders need to consider to maximize protection of a facility and its assets.

Layer One—Outer Perimeter

True security begins at a facility’s outermost perimeter. The edge of your property line is the best place to stop or detect an intruder because the time to respond can be maximized. A common approach to securing the perimeter involves the four “Ds”: deter, detect, delay and deny. At the outermost perimeter, security options are numerous and range from age-old technologies to the latest innovations.

While fences and walls are among the most common structures used for securing perimeters, tighter security needs driven by regulations such as Chemical Facilities Anti-Terrorism Standards (CFATS) often require some form of intrusion detection system. Such systems help provide a higher level of perimeter protection, whether they are fence-mounted, freestanding or buried.

There are many technologies available in fence-mounted systems alone, such as taut wire, microphonic and fiber optics. These systems have varying degrees of success and sophistication and are all designed to detect any intrusive attempt to cut, climb or lift a secured fence and issue an instant alarm. Cameras can then help verify that an alarm is in fact a legitimate intrusion—versus a nuisance or false alarm requiring no action—and guide security staff in taking proper action before an intruder reaches the buildings or assets inside.

“Detection and assessment are the keys to effective perimeter security,” said Benjamin Butchko, president of Butchko Security Solutions. “Assessment is important because when sending responders, you need to know the alarm is legitimate, what you’re looking for and where the threat is going, because by the time responders can get to the outer perimeter, the threat has moved on.”

Some facilities occasionally use cameras with video analytics as their sole perimeter intrusion detection system. This may be an attractive and lower-cost option when there are already cameras monitoring the property line, but this solution has known deficiencies.

“For high-security and high-risk environments, video analytics is more of a complementary than a stand-alone technology,” Butchko said.

Cameras with video analytics are an example of freestanding systems in which fences may not be required. This category also includes passive and active infrared systems and microwave and electrostatic sensors. Different devices can detect activity crossing narrow strips or wide-open areas. They can also complement fence systems by protecting gates or adding a layer of defense on either side of a secured fence to supply more detection intelligence.

Buried sensors are also cable-based and include seismic, leaky-coax and magnetic sensor options. Like cameras, sensors can be used where there is no wall or other barricade to protect property, and they can be helpful in alerting security staff if an intruder is approaching or has reached a point inside a secured area.

Most of these outer perimeter security options are visible to intruders and serve as a deterrent as well as a means to detect. They also can trigger lights and audible alerts, which add additional deterrence. Other delay tactics usually involve barriers to overcome, such as barbed wire, a second fence or terrain elements, such as ditches. Distance can also be a delay tactic, wherein the outer perimeter is pushed farther away from protected assets, allowing more time for security forces to respond.

If all you have is a fence as your primary means for perimeter protection, you may want to consider your perimeter as an area that needs some attention. The timing for action and the level of effort and investment this layer merits for your business depends on many things, including a candid assessment of the risk and resources available.

“Organizations usually close the door after the horse is gone,” said Darin Dillon, business development manager for Convergint Technologies. “Admittedly, it is sad that loss is frequently the instigator to spend on security.”

In some cases, regulatory authorities get involved to drive action. Sometimes, a large national or local security-related event will spur others to take preemptive action. Or, it may just make sound financial sense, as was the case for Guadalupe Valley Electric Cooperative (GVEC), an independent electric utility in South Central Texas.

“Our goal with our new substations was to implement a multilayered intrusion detection system. Two of the layers we aimed to improve included perimeter security and access control from the unmonitored cameras we had in place at our preexisting substations,” said Bernie Acre, information systems division manager for GVEC. “Today, we include a fiber-optic intrusion detection system on all perimeter substation fencing, which triggers fixed and PTZ cameras and alerts at our 24-hour control center. While we are not mandated at this point, evolving NERC compliance regulations encouraged us to assess and evolve, rather than react. From a business perspective, a $50,000 investment to protect a $5 million asset for the members of GVEC is warranted.”

Layer Two—Building Entrance Security

Since an organization’s most valuable assets often are within a building, having security control who enters a facility is an important line of defense. Unlike outer perimeter security efforts, this second layer is more hardened and can deny access. What someone encounters at a building’s entrance greatly depends on the building itself. At a control house of an electric substation, a simple keyed door may be the only security. Office buildings lower than Class A rarely have any security beyond access-controlled outer doors that lock after business hours. Commercial and industrial spaces may have either of these or even full-height turnstiles that span from floor to ceiling and can operate as an unsupervised entrance control system.

Many large corporate offices, Class A buildings and government buildings employ security staff to process visitors and handle other issues. Oftentimes, a security officer will check for badges or operate scanning equipment to ensure people entering are authorized to proceed.

“Having a security officer visually verify that the ID matches the person is the best thing, but this process does not provide acceptable throughput, and having an adequate number of security officers available to facilitate acceptable throughput would be very costly,” Dillon said.

An alternative is to create walls with doors instead of an open lobby. Then, door access control methods with supervising security staff can work. However, walls tend to get in the way for building owners or corporations that desire a large, open and aesthetically pleasing lobby. For typical open lobbies, advanced security systems pair optical turnstiles with an access control system to remove security officers from conducting routine verification. This not only improves security and speeds throughput but also lowers operating costs because security staff is reduced.

“Turnstiles are a good opportunity to reduce budget, but they are most helpful in being effective at securing the entrance and getting people through faster,” said Randy Simpson, senior sales executive for Metroplex Control Systems.

The most common optical turnstile configuration used for securing a building lobby includes a barrier, typically made of either metal or glass, that provides deterrence and delays benefits. For a more hardened lobby, turnstiles with imposing 6-foot-high barriers are more difficult to defeat. As a result of the recession, some Class A buildings have begun using tall barrier turnstiles in unguarded lobbies to save on labor costs. This can be risky if it hinders response to alarms. Fullheight turnstiles may feel more secure, but they are often viewed as eyesores in this environment.

“In Class A buildings, aesthetics always win out over security,” Simpson said.

The best optical turnstiles combine speed and high security with refined style that is far different than the bulky, masstransit look of most turnstile brands.

A final consideration for high-rise buildings is to use elevator destination dispatch technologies for controlling access to floors. Such devices require credentials to call an elevator and restrict individuals to stay on floors on which they’re allowed. As a stand-alone entrance technology, this would not be sufficient because anyone can enter an open elevator. But with guard supervision or optical turnstiles in place, it’s an excellent complement.

Layer Three—Interior Door Security

Moving deeper into a building, the third major layer of security is at a doorway—nearly the last line of defense. This innermost layer of security typically is given the most attention because it is closest to an organization’s core assets. Most end users already have an access control system, locks and readers in place to create a secure access point, but for sensitive doors, more may be needed.

There are many security considerations for a door beyond controlling the lock. As a portal into a secure area, the door itself, as well as the hardware and door frame, all have to be considered as possible points of compromise that would enable unauthorized entry. Once a door is unlocked, another substantial security risk is added—the open door. In order to achieve full door security, this open portal also must be protected.

Secured doors don’t open without an authorized person present, so asking employees to help enforce an organization’s access restrictions is an option. In most situations, however, this is not a reliable method. With innocent incursions, many employees may be fine with stopping a person. But with aggressive and skilled intruders, or with collusion, the open door provides free and easy access. One option is to station a security officer nearby to complement the access control system. Surveillance cameras are another option, but this is a passive way to monitor because they can provide only forensic or investigative benefits after the damage is done.

The best scalable alternative is to use an “anti-tailgating” or “anti-piggybacking” door security solution. Some devices can be mounted to the sides of a doorway and project beams across the opening. Others mount overhead and use an imaging method to count heads. All work to accomplish the same result— force every person who passes through a secured door to present authorization.

“Certain customers are thinking more about tailgating these days,” Simpson said. “Low-profile solutions are great in applications such as executive levels of a corporate headquarters where they want to beef up door security but still give the soft feeling of being able to come and go when you want to.”

A high-profile and expensive way to ensure that only one person passes through for each authorization is to install a mantrap, in which a vestibule space is created between two secure doors and only one door is allowed open at a time. This solution requires architectural modifications in addition to security equipment and may even use one of the aforementioned tailgate detection systems to ensure only one person is in a vestibule before an interior door is unlocked. If designed correctly, a mantrap is difficult to defeat, though it is not always practical or appropriate for the risk level. It makes the most sense in applications where stakes are high, such as at large data centers, laboratories or jewelry stores.

The impediment of a closed door is the only effective way to deny access, but having the power to know if an intruder has made it in allows a response to be enacted to secure assets beyond the door. As with perimeter security at the property line, combining surveillance with detection at the doorway enables proper assessment of the force needed to stop an intrusion.

IP and Layered Security

One development underway that will help manage all three perimeter layers is the continued transition from analog to IP-based security solutions.

In lobby security, optical turnstiles have recently begun moving online. At the fence line, however, aside from IP cameras, there currently is no visible move toward IP for intrusion detection solutions. Time should change this as the benefits of security systems on the IT network in other parts of an organization start to gain more attention. This likely will lead to growing demand for IP-enabled solutions to address security needs across all layers of the perimeter.

This article originally appeared in the August 2012 issue of Security Today.

Featured

  • Gaining a Competitive Edge

    Ask most companies about their future technology plans and the answers will most likely include AI. Then ask how they plan to deploy it, and that is where the responses may start to vary. Every company has unique surveillance requirements that are based on market focus, scale, scope, risk tolerance, geographic area and, of course, budget. Those factors all play a role in deciding how to configure a surveillance system, and how to effectively implement technologies like AI. Read Now

  • 6 Ways Security Awareness Training Empowers Human Risk Management

    Organizations are realizing that their greatest vulnerability often comes from within – their own people. Human error remains a significant factor in cybersecurity breaches, making it imperative for organizations to address human risk effectively. As a result, security awareness training (SAT) has emerged as a cornerstone in this endeavor because it offers a multifaceted approach to managing human risk. Read Now

  • The Stage is Set

    The security industry spans the entire globe, with manufacturers, developers and suppliers on every continent (well, almost—sorry, Antarctica). That means when regulations pop up in one area, they often have a ripple effect that impacts the entire supply chain. Recent data privacy regulations like GDPR in Europe and CPRA in California made waves when they first went into effect, forcing businesses to change the way they approach data collection and storage to continue operating in those markets. Even highly specific regulations like the U.S.’s National Defense Authorization Act (NDAA) can have international reverberations – and this growing volume of legislation has continued to affect global supply chains in a variety of different ways. Read Now

  • Access Control Technology

    As we move swiftly toward the end of 2024, the security industry is looking at the trends in play, what might be on the horizon, and how they will impact business opportunities and projections. Read Now

Featured Cybersecurity

Webinars

New Products

  • Unified VMS

    AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities 3

  • 4K Video Decoder

    3xLOGIC’s VH-DECODER-4K is perfect for use in organizations of all sizes in diverse vertical sectors such as retail, leisure and hospitality, education and commercial premises. 3

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure. 3