Hardened Networks Add Reliability to Remote Monitoring

IP-enabled video cameras have dramatically changed the way physical security can be implemented

Industrial Ethernet is a powerful tool when planning for the deployment of remote security monitoring in any setting that has environmental challenges. Physical security is a concern for most segments of national infrastructure, from public utilities and transportation systems to private industry, local governments and education. The ability to deploy a seamless, highly reliable and redundant, high-bandwidth communications network is paramount. It must convey data, video—at various levels of resolution—and VoIP-based alerts and conversations. Industrial Ethernet, which has been adopted as a global communications standard by prestigious and powerful groups such as the IEC for power utilities (IEC 68150), provides the platform for which numerous manufacturers of security appliances and other industrial equipment can create widely available, well-priced, future-proof equipment. An examination of several case studies where sensitive locations deployed Ethernet- based security monitoring systems can prove instructive.

Protecting National Infrastructure

Power utilities are at the center of a national (and international) effort to create security standards that can protect these national lifelines from intentional or inadvertent security breaches. Given the far-flung nature of the power grid, remote security monitoring enabled by an Ethernet communications network offers the most affordable answer to increased security and surveillance needs.

Nuclear Power Facility Uses Thermal Fence

A nuclear power facility installed a fully integrated perimeter alert system for simultaneous threat detection and assessment capability. The thermal fence incorporates both thermal security cameras and control and management software for the sensors deployed around the perimeter, providing a full virtual fence solution. Hardened managed Ethernet switches integrated the internal control and monitoring activities with the perimeter monitoring and alarm system.

Managed industrial Ethernet switches provide the network transport system “glue” that transfers the information collected in the field to redundant servers in the central monitoring station. Multiple resilient rings ensure high availability in an environment where failure is not an option. The same communications protocol delivers video information to the security hub that manages up to 256 VLANs, providing secure data pipes and keeping various control and monitoring channels separate within the facility.

Managed switches also can reduce traffic through the use of protocols such as Internet Group Management Protocol (IGMP). The primary goal of IGMP is to eliminate unwanted multicast traffic from video feeds. Typically, IGMP requires expensive and complex layer-3 switch/router implementations to manage multicast video streams so that they are sent only to target switches. However, this nuclear facility used a combination of layer 2 switches, implementing IGMP-Snooping (a kind of IGMP-lite) and IGMP-L2, a Belden proprietary protocol developed by its GarrettCom brand. This brand also works with layer 2 switches that provide similar results with less complexity in many applications.

Far-flung Power Gen and Substations Require Flexible Op tions Power utilities have challenges beyond the protection of a single facility. The entire smart grid consists of complex interactions among power generation equipment, substations, transmission and distribution lines and consumers.

Centralized monitoring of operational data is critical for cost-effective operation while new regulatory requirements and good practices dictate increased access security. Connectivity across the smart grid uses the full gamut of technologies available. Some networks use Gigabit fiber backbones that stretch for miles, often configured in redundant rings for resiliency. When it is neither practical nor cost effective to lay dedicated fiber cable, connections may be accomplished with the use of Ethernet over wireless Ethernet or by sending Ethernet over WAN circuits (e.g., DDS, T1/E1) from local telephone providers. A router equipped with a firewall is required at each end of the line to provide an electronic security perimeter to protect sensitive data. Further demonstrating the flexibility of IP, new routers have been developed that send data over a fiber or WAN backbone and also provide a cellular connection as backup. The flexibility of Ethernet transport equipment solves the problem of distance when aggregating security or operational activity data from remote sites for centralized monitoring, data storage and coordinated response when necessary.

Remote security applications typically consist of video cameras supplemented by access control devices that also provide personnel logging to meet NERC/CIP requirements. These security devices transmit either consistently or on an exception basis when an event occurs. The security information passes over the same communications channel as the data that is being transferred for monitoring and control of the equipment at that location. VoIP phones support secure communication when members of the maintenance or operations staff are at the remote site.

In many cases, the switches required to manage these security appliances are deployed in the field where they are exposed to temperature extremes and possibly moisture and dust; hardened networking devices are required. When the switches are installed inside remote substations, they need to be additionally hardened—sometimes called substation-level hardening— to withstand high electromagnetic radiation and the possibility of power spikes.

Crime Prevention and Personal Security

A more traditional application for many security dealers and integrators is a surveillance and security system designed to protect property and people. While a considerable number of these installations are deployed within buildings and can be supported by commercial-grade networking equipment, many others require that at least some of the networking equipment be installed in harsher environments. Industrially hardened switches, routers and other equipment are typically the best choice for installation in environments such as parking lots, garages and campuses, which are damp, dusty and regularly exposed to temperature extremes or high levels of electrical noise.

Campus Security in Weather Extremes

Campus security, like city-wide security, requires strategic planning. A college in central Florida provides video surveillance coupled with emergency phones campus-wide. This surveillance and VoIP system had the usual issues of connecting back to a central facility— with one extra consideration. Florida’s combination of frequent lightning strikes and relatively high water tables contributed to far too many failures in the emergency phone system.

The original network had two separate networks, a Cat-5e copper wire system for the emergency phones and a separate fiber optic and copper system that linked surveillance cameras. The phones were daisy-chained together while the camera system used a star topology. The campus had a shallow water table that was only 1.5 feet below the surface. During the frequent lightning strikes, electric current was conducted through the ground and found its way through the copper wiring installed, burning out the outdoor phones.

By integrating phone and camera services onto a single Ethernet network over a resilient fiber ring, the campus reduced cabling costs while increasing reliability. The new network runs over a fiber optic backbone that is terminated above the water table line on the camera and phone towers.

Because fiber does not conduct electricity, the extended use of fiber cabling, combined with a more aggressive grounding strategy that included a lightning rod on each tower, addressed the lightning issue.

To withstand the heat buildup and humidity of the Florida campuses, an industrially hardened switch, fully enclosed and with robust management capabilities, was required.

The new system is more reliable and significantly reduces deployment and maintenance costs. An automated alarm system monitors all managed switches every 10 minutes. When problems occur, the network analyst is immediately notified via email or text message. SNMP traps are stored on a syslog server for each switch and are available to help troubleshoot issues.

IP-based security devices and the associated ability to employ network convergence enable a wide variety of security applications that formerly were either impossible or impractical to deploy. Standards-based equipment and networking components not only reduce equipment, deployment and training costs, but they also provide a stable platform upon which to build future security systems. Ethernet’s ability to support data, video and voice over a single network further reduces complexity and cost in a security deployment.

Within the Ethernet community there are a variety of products designed to operate in different environmental conditions. Because security requires failsafe communication, choosing reliable equipment is a critical component of the design.

This article originally appeared in the October 2012 issue of Security Today.

Featured

  • Gaining a Competitive Edge

    Ask most companies about their future technology plans and the answers will most likely include AI. Then ask how they plan to deploy it, and that is where the responses may start to vary. Every company has unique surveillance requirements that are based on market focus, scale, scope, risk tolerance, geographic area and, of course, budget. Those factors all play a role in deciding how to configure a surveillance system, and how to effectively implement technologies like AI. Read Now

  • 6 Ways Security Awareness Training Empowers Human Risk Management

    Organizations are realizing that their greatest vulnerability often comes from within – their own people. Human error remains a significant factor in cybersecurity breaches, making it imperative for organizations to address human risk effectively. As a result, security awareness training (SAT) has emerged as a cornerstone in this endeavor because it offers a multifaceted approach to managing human risk. Read Now

  • The Stage is Set

    The security industry spans the entire globe, with manufacturers, developers and suppliers on every continent (well, almost—sorry, Antarctica). That means when regulations pop up in one area, they often have a ripple effect that impacts the entire supply chain. Recent data privacy regulations like GDPR in Europe and CPRA in California made waves when they first went into effect, forcing businesses to change the way they approach data collection and storage to continue operating in those markets. Even highly specific regulations like the U.S.’s National Defense Authorization Act (NDAA) can have international reverberations – and this growing volume of legislation has continued to affect global supply chains in a variety of different ways. Read Now

  • Access Control Technology

    As we move swiftly toward the end of 2024, the security industry is looking at the trends in play, what might be on the horizon, and how they will impact business opportunities and projections. Read Now

Featured Cybersecurity

Webinars

New Products

  • Automatic Systems V07

    Automatic Systems V07

    Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file. 3

  • Compact IP Video Intercom

    Viking’s X-205 Series of intercoms provide HD IP video and two-way voice communication - all wrapped up in an attractive compact chassis. 3

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure. 3